public static function downloadFileType(string $mimeType, string $default = 'text/plain', array $badSubstrings = self::DEFAULT_MIME_BLOCK) : string
{
$block = false;
foreach ($badSubstrings as $str) {
$block = $block || \strpos($mimeType, $str) !== false;
}
if ($block) {
$p = \strpos($mimeType, ';');
if ($p !== false) {
return self::charWhitelist($default, self::MIME_CHARS) . '; ' . self::charWhitelist(self::subString($mimeType, $p), self::MIME_CHARS);
}
return $default;
}
// Not a blocked MIME type, but we should still filter it
// to prevent CRLF injections, etc. A character whitelist
// is better than a blacklist.
$p = \strpos($mimeType, ';');
if ($p !== false) {
return self::charWhitelist(self::subString($mimeType, 0, $p - 1), self::MIME_CHARS) . '; ' . self::charWhitelist(self::subString($mimeType, $p), self::MIME_CHARS);
}
return self::charWhitelist($mimeType, self::MIME_CHARS);
}