Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By mcurry on
When I upload a node attachment (using the upload module) with an extension of .zip, it automatically renames to whatever.zip.txt and the mime type in the files table is set to text/plain.
I've searched recursively using grep, and the only code that has '.txt' is in file.inc/file_check_upload. It appears that file_check_upload is trying to prevent javascript (js) uploads... is it misfiring on .zip files?
// Rename potentially executable files, to help prevent exploits.
if (((substr($file->filemime, 0, 5) == 'text/' || strpos($file->filemime, 'javascript')) && (substr($file->filename, -4) != '.txt')) || preg_match('/\.(php|pl|py|cgi|asp)$/i', $file->filename)) {
$file->filemime = 'text/plain';
$file->filepath .= '.txt';
$file->filename .= '.txt';
}
I found these when searching for answers:
http://drupal.org/node/45318
http://drupal.org/node/74542
but I'm not sure these are related - the referenced code is not current.
Is there a setting/configuration item I have missed somewhere?
