"Must be a JPEG, PNG or GIF image" message is hardcoded and doesn't respect the allowed extension. In the upload form it appears whatever allowed extension I chose. Is there a reason for this?
Comments
Comment #1
quicksketch
Are you sure you're using the beta1 version? This was removed in #316099: Hard-coded file extensions "Must be a JPEG, PNG or GIF image" and shouldn't be in the beta1 version. Where do you see this message (other than in the source code)?
Comment #2
quicksketch
Even in the source code, this string is now replaced with the much more accurate text, "The file is not a known image format," since the check is a pass through imagegetsize(). The previous text was not at all accurate, since it would actually pass things like BMP and PSD also.
I also added this back in as a check, so now with the basic extension checking, mime type detection (#319810: Check the File's Format Rather than Just Extension), and image detection through imagegetsize() (plus munging the file names and the core .htaccess security), we should feel pretty confident about the integrity of our uploaded files.
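The layered checks described in Comment #2, as an added example that is not part of the original thread and is not the module's own code: an extension check whose message is built from the configured list, content-based MIME detection, and a header check with PHP's getimagesize(). The function name, messages other than "The file is not a known image format." and the sample files are assumptions constructed for illustration.

```php
<?php
// Added illustration; validate_image_upload() is a hypothetical helper, not a Drupal API.
function validate_image_upload(string $path, string $name, array $allowed_exts): array {
    $errors = [];

    // 1. Extension check against the configured list. The message is built
    //    from that list instead of a hardcoded "JPEG, PNG or GIF".
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed_exts, true)) {
        $errors[] = 'Allowed extensions: ' . implode(' ', $allowed_exts) . '.';
    }

    // 2. MIME detection from the file's content, not from its name.
    $mime = (string) finfo_file(finfo_open(FILEINFO_MIME_TYPE), $path);
    if (strpos($mime, 'image/') !== 0) {
        $errors[] = "Detected type $mime is not an image.";
    }

    // 3. getimagesize() reads the image header. It also accepts formats such
    //    as BMP and PSD, so the message does not name specific types.
    if (@getimagesize($path) === false) {
        $errors[] = 'The file is not a known image format.';
    }
    return $errors;
}

// Constructed sample inputs: a 1x1 GIF and a plain text file.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode(
    'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "this is not an image\n");

$cases = [
    'real GIF, allowed extension'     => [$gif, 'photo.gif', ['gif', 'png']],
    'real GIF, extension not allowed' => [$gif, 'photo.gif', ['png']],
    'text file renamed to .gif'       => [$txt, 'photo.gif', ['gif', 'png']],
];
foreach ($cases as $label => [$path, $name, $exts]) {
    $errors = validate_image_upload($path, $name, $exts);
    echo $label, ': ', $errors ? implode(' | ', $errors) : 'accepted', "\n";
}
unlink($gif);
unlink($txt);
```

The renamed text file passes the extension check and is rejected only by the two content-based checks, which is why the comment lists them as separate layers.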