Do not serve archives directly

These files may be large and serving them through the web server is desirable but those files are also among those that might require additional protection.

diff --git a/wcfsetup/install/files/lib/data/file/File.class.php b/wcfsetup/install/files/lib/data/file/File.class.php
index 87bbf0cc56a90c1535227171935e4cf33a7162ec..f5b873f2719b27a0d1508a1220ccaaee8ea56b88 100644 (file)
--- a/wcfsetup/install/files/lib/data/file/File.class.php
+++ b/wcfsetup/install/files/lib/data/file/File.class.php
@@ -40,22 +40,17 @@ class File extends DatabaseObject implements ILinkableObject
      */
     public const SAFE_FILE_EXTENSIONS = [
         'avif' => 'image/avif',
-        'bz2' => 'application/x-bzip2',
         'gif' => 'image/gif',
-        'gz' => 'application/gzip',
         'jpg' => 'image/jpeg',
         'jpeg' => 'image/jpeg',
         'mp3' => 'audio/mpeg',
         'mp4' => 'video/mp4',
         'pdf' => 'application/pdf',
         'png' => 'image/png',
-        'rar' => 'application/vnd.rar',
-        'tar' => 'application/x-tar',
         'tiff' => 'image/tiff',
         'txt' => 'text/plain',
         'webm' => 'video/webm',
         'webp' => 'image/webp',
-        'zip' => 'application/zip',
     ];
 
     /** @var array<string, FileThumbnail> */