i'd like to filter out the renamed bmp files.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

sirkitree’s picture

Didn't imagefield used to be dependent upon filefield? If it was it would be able to use the mimedetect.module (which is now a requirement of filefield) to accomplish this.

Scott Reynolds’s picture

Version: 5.x-2.1 » 6.x-3.0-alpha2
Status: Active » Needs review
FileSize
975 bytes

This patch seems correct. It prevents me from uploading a tar.gz that i renamed to a png. It only uses mimedetect if the module exists.

dopry’s picture

Status: Needs review » Reviewed & tested by the community

this looks good until I can come up with better options for mime filtering.

drewish’s picture

Status: Reviewed & tested by the community » Needs review

duplicating the whole array of mime types seems kind of redundant...

how about

$filemime = module_exists('mimedetect') ? mimedetect_mime($file) : $file->filemime;
return in_array($filemime, array('image/jpg', 'image/pjpeg', 'image/jpeg', 'image/png', 'image/gif'));
drewish’s picture

Status: Needs review » Needs work

since there's not really a current patch.

quicksketch’s picture

Title: please check the file's format instead of extension. » Check the File's Format Rather than Just Extension
Project: ImageField » FileField
Status: Needs work » Needs review
FileSize
1.15 KB

The current filefield_validate_is_image() check is now done using image_get_info() which is a good rudimentary check. Instead of changing the is_image function (which isn't used by ImageField now anyway) we should add mime type checking to the extension check.

I think this should be effective, though I'm not entirely comfortable with MimeDetect and core's own detection quite yet.

quicksketch’s picture

FileSize
1.14 KB

Heh, well I better actually check the right property ($file->filemime) otherwise we won't be able to upload anything. :)

quicksketch’s picture

Status: Needs review » Fixed

Some mime-type checking is certainly better than no mime-type checking (like the current approach). I committed this since it's not going to do any harm since users can easily get the old behavior by disabling the mimedetect module, which still isn't required for the Drupal 6 version.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.