Don't trust the browser and use file_get_mimetype()'s more complete database.
zoro - December 4, 2008 - 11:22
| Project: | MimeDetect |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed |
Description
Line 194:
// Trust the browser... ack!
if (!$mime) {
$mime = $file->filemime;
}Is there a specific reason why you're trusting the browser for file-type checking before the list of extensions?
I'm having an issue here, where m4a files (aac) aren't being correctly recognised as "audio/mp4", so I've added them to the list of known extension_mimes, and moved the browser-trust BELOW the mime checker.
#1
you're right it really isn't a good idea. i'm dropping it and using core's file_get_mimetype() function since it's got a more complete database of extension to mime mappings.
#2
found that mimedetect_mime() wasn't actually checking if the mimedetect_enable_file_binary variable was true before calling file. fixed that so i'm going to go ahead and commit this to HEAD and DRUPAL-5.
#3
forgot the patch.
#4
here's what went into D5
#5
Automatically closed -- issue fixed for 2 weeks with no activity.