With drupal 7 beta 2 's image field, i can upload non-image files as long as they have an allowed extention like .jpg .

Mime-types are not checked when uploading an image. Is it a safe way to work when ignoring mime-types?

Comments

pyrollo’s picture

pyrollo CreditAttribution: pyrollo commented

I had a look on that issue.

First, there is no mime type file validator in file.inc. This could easily added with a function like this one (in include/file.inc) :

/**
 * Check that the file is of one of the allowed mime types.
 *
 * @param $file
 *   A Drupal file object.
 * @param $mime_types
 *   A string with a space separated list of allowed mime types. A * represents any mime type.
 *
 * @return
 *   An array. If the file mime type is not allowed, it will contain an error
 *   message.
 *
 * @see hook_file_validate()
 */
function file_validate_mime_type(stdClass $file, $mime_types) {
  $errors = array();

  // Build a regular expression for mime types
  $regex = preg_quote($mime_types, '/');
  $regex = preg_replace('/\ +/', '|', $regex);
  $regex = preg_replace('/\\\\\*/', '[a-zA-Z0-9.\-+]*', $regex);
  $regex = '/'.$regex.'/';

  if (!preg_match($regex, $file->filemime)) {
    $errors[] = t('Only files with the following mime type are allowed: %files-allowed.', array('%files-allowed' => $mime_types));
  }

  return $errors;
}

Then a single extra line in image_field_widget_form function (modules/image/image_field.inc) :

    $elements[$delta]['#upload_validators']['file_validate_mime_type'][0] = 'image/*';

just before : 

    // Add all extra functionality provided by the image widget.
    $elements[$delta]['#process'][] = 'image_field_widget_process';

would do the job.

But, when testing it appears that a file with a .jpg extention is always recognized by Drupal file interface as image/jpeg mime type file (even a dummy text file renamed something.jpg). That's a bit surprising (and very disappointing !) but this behavior is the same on my computer (under GNU/Linux Ubuntu).

Maybe it is a problem with the system configuration. Anyway, testing mime type could be an interesting feature.

jan_v’s picture

jan_v CreditAttribution: jan_v commented

I think it's a bit strange that drupal has this quite advanced functionality to check on mime-types in includes/file.inc, but it already fails when uploading a textfile, javascript file or whatever with the extension .jpg .

Kars-T’s picture

Kars-T CreditAttribution: Kars-T commented
Status: Active » Fixed

Dear fellow Drupal enthusiasts,

this issue is now lasting for a very long time in the issue queue and was unfortunately never solved. As Drupal is a open source project everyone is helping on voluntary basis. So that this is was not solved is nothing personal and means no harm. But perhaps no one had time to deal with this issue, maybe it is too complex or did not pose the problem comprehensible.

But this issue is not the only one. There are thousands of issues on Drupal.org that have never been worked on or could not be processed. This means that we are building a wave that is unmanageable and just a problem for the Drupal project as a whole. Please help us keep the issue queue smaller and more manageable.

Please read again, "Making an issue report" and see if you can improve the issue. Test the problem with the current Core and modules. Maybe the problem doesn't exist anymore, is a duplicate or has even been solved within this issue but never closed.

Help can also be found for it on IRC and in the user groups.

In order this issue no longer remains, I put this issue to "fixed".

If there is new information, please re-open the issue.

Status: Fixed » Closed (fixed)
Issue tags: -image, -upload, -MIME

Automatically closed -- issue fixed for 2 weeks with no activity.

Issue tags: +image, +upload, +MIME

Restoring issue tags, see #2125755: System messages removed all issue tags during D7 upgrade.