xls & html uploaded as image - mime type validation failed?

See all posts Reply

xls & html uploaded as image - mime type validation failed? new!
by Patrick, 15 years, 3 months ago
I can upload files other than GIF, JPG, PHG & BMP when using the action='image' option of the demo upload script. Selecting a '.doc' file, the script correctly tells me "Error: Incorrect type of file." but if I choose an EXCEL file or an HTML document it goes ahead and loads it anyway?

Can anybody help?Reply
Re: xls & html uploaded as image - mime type validation failed? new!
by colin, 15 years, 3 months ago
Look in the log produced by the class ($handle->log), and set the $handle->allowed array of allowed MIME types accordingly.Reply
Re: xls & html uploaded as image - mime type validation failed? new!
by Patrick, 15 years, 3 months ago
Hi Colin,

Here is the log ...
system information
- class version : 0.27
- GD version : 2.0.34
- supported image types : png jpg gif bmp
- open_basedir : no restriction
- language : en_GB
source is an uploaded file
- upload OK
- file name OK
- MIME type detected as application/msword by UNIX file() command
- source variables
file_src_name : Serial Numbers.xls
file_src_name_body : Serial Numbers
file_src_name_ext : xls
file_src_pathname : /tmp/php42L8Bg
file_src_mime : application/msword
file_src_size : 13824 (max= 67108864)
file_src_error : 0
process file to images/entrants_pics/
- file size OK
- file mime OK : application/msword
- new file name body : Entry_No_0000_PicA
- file name safe format
- destination variables
file_dst_path : images/entrants_pics/
file_dst_name_body : Entry_No_0000_PicA
file_dst_name_ext : xls
- no image operation, keep extension .................... etc.


I'm confused about your remark "set the $handle->allowed array " - do I have to do that? The log sugggests this has already been done - it knows that doc firles are invalid - not clear why it doesn't detect xls files are also invalid ngiven the statement "supported image types : png jpg gif bmp" above.
Regards.
Patrick.Reply
Re: xls & html uploaded as image - mime type validation failed? new!
by colin, 15 years, 3 months ago
Note that you try with this new version 0.28RC4, it has stronger MIME type detection, and more extensive logging.

The supported image types : png jpg gif bmp is only stating what GD can handle. No relation with the file you are uploading.

For your issue: if you use the test files provided with the class, you can indeed upload a regular file with the action=image form. As long as the MIME type validation is OK, your file will be uploaded; Then, in the action=image case, it will try to resize the image. But because your file is not an image, it doesn't do any image manipulation, it just uploads.

If you want to restrict the type of files to images only, do something like:
$handle->allowed = array('image/*');
Reply
Re: xls & html uploaded as image - mime type validation failed? new!
by Patrick, 15 years, 3 months ago
Hi Colin - thanks for your attention on this - great service. Adding the 'allowed' statement suggested above resolved the issue with V0.27 so no need to upgrade at this stage. Still puzzled as to why it knew the Word document was no good and didn't load it yet went ahead with the EXCEL sheet but as I say my problem is resolved.

Thanks again.
Patrick.Reply