By kajimanson on

Why does upload.modules save in .txt?

for exemple, whe i try attach some file with upload.module it saves the file in .txt.
I'm trying attach a *.mtf file and i set in settings the file extension... but when i hit down the attach button it come back with "name.mtf.txt"

why?? may anyone help me? pleease!!

Categories: Drupal 4.6.x

Comments

markus_petrux’s picture

markus_petrux commented

...certain files that are uploaded using a text/whatever mime type, are renamed on the server, appeding .txt at the end.

Maybe you could ZIP the file...

Doubt is the beginning, not the end of wisdom.

kajimanson’s picture

kajimanson commented

Hmmm, undestood, but do you know other way? like a code modification or other thing that can i do to save in jus *.mtf?

(and, thanks for the attention)
:)

Samat Jain’s picture

Samat Jain commented

I've had this problem too--my PHP insall's mime_content_type function was broken.

This function uses a system (well, a "special" version of it) mime magic file to determine file types. If PHP cannot load it, because it does not exist or PHP is unable to parse the file, mime_content_type always returns text/plain, and Drupal adds a .txt extension.

That said, good luck fixing it.
__
Personal home page | Rhombic Networks: Drupal-friendly web hosting

kajimanson’s picture

kajimanson commented

do you know what is the php file that i can change the function?

Samat Jain’s picture

Samat Jain commented

What I mentioned was a PHP problem, *not* a Drupal problem. And a pretty dumb PHP problem at that.

You can fix Drupal's logic by editing includes/file.inc. Around line 157 (on my installation), you want to comment out the block:

    if (((substr($file->filemime, 0, 5) == 'text/' || strpos($file->filemime, 'javascript')) && (substr($file->filename, -4) != '.txt')) || preg_match('/\.(php|pl|py|cgi|asp)$/i', $file->filename)) {
      $file->filemime = 'text/plain';
      rename($file->filepath, $file->filepath .'.txt');
      $file->filepath .= '.txt';
      $file->filename .= '.txt';
    }

__
Personal home page | Rhombic Networks: Drupal-friendly web hosting

kajimanson’s picture

kajimanson commented

that's great! i fixed that.. thanks Samat

mine@subnet142.com’s picture

mine@subnet142.com commented

I also need to comment out that block but limit to the file rename lines. I ain't sure but it doesn't seem to work with PHP safe mode on (cannot rename /var/tmp/xxx etc.).

Actually, why .txt in the first place? For security (so that javascript won't be executed by a click)?

darren oh’s picture

darren oh
Primary language English
Location Lakeland, Florida
commented

I have submitted this modification as a patch in issue 74542.

wiseguy-1’s picture

wiseguy-1 commented

That worked, thank you so much!

vi veri veniversum vivus vici

markchitty’s picture

markchitty commented

You can still retain some of the functionality that prevents people from uploading executable scripts into your site:

Just replace the code block on line 230 (includes/file.inc on a 4.7 install) with this:

// Rename potentially executable files, to help prevent exploits.
if (strpos($file->filemime, 'javascript') || preg_match('/\.(php|pl|py|cgi|asp)$/i', $file->filename)) {
      $file->filemime = 'text/plain';
      $file->filepath .= '.txt';
      $file->filename .= '.txt';
    }

--
www.thisliquidspace.com