File upload action - issues with replacing files #9267

Closed
hypeJunction opened this Issue Dec 27, 2015 · 1 comment

Comments

Projects
None yet
2 participants
@hypeJunction
Contributor

hypeJunction commented Dec 27, 2015

File upload action preserves the filename of the original file, when the file is being replaced. This has implications if the new file is of different type, as it may lead to wrong mimetype/simpletype detection, if for some reason browser fails to detect mime correctly, or a plugin is trying to detect mimetype, rather than relying on the metadata value.

Not sure what the correct approach to fixing is. Probably restricting replacements of files of the same type would be the least evil solution. I am not sure if replacing the name will affect anything.

mrclay added a commit to mrclay/Elgg-leaf that referenced this issue Apr 4, 2016

fix(file): better uploaded file handling and thumbnail serving
Uploaded files now always have a new name with the client-given extension,
even when replacing a previous upload. Thumbnails files now have the `.jpg`
extension and are served with the `image/jpeg` Content-Type.

Fixes #9612
Fixes #9267
Fixes #6677
@mrclay

This comment has been minimized.

Show comment
Hide comment
Member

mrclay commented Apr 4, 2016

PR #9615

mrclay added a commit to mrclay/Elgg-leaf that referenced this issue Apr 4, 2016

fix(file): better uploaded file handling and thumbnail serving
Uploaded files now always have a new name with the client-given extension,
even when replacing a previous upload. Thumbnails files now have the `.jpg`
extension and are served with the `image/jpeg` Content-Type.

Fixes #9612
Fixes #9267
Fixes #6677

mrclay added a commit to mrclay/Elgg-leaf that referenced this issue Apr 4, 2016

fix(file): better uploaded file handling and thumbnail serving
Uploaded files now always have a new name with the client-given extension,
even when replacing a previous upload. Thumbnails files now have the `.jpg`
extension and are served with the `image/jpeg` Content-Type.

If the file is recognized as an image, but thumbnails can't be created, we
no longer allow thumbs from the previous file to be re-used.

Fixes #9612
Fixes #9267
Fixes #6677

mrclay added a commit to mrclay/Elgg-leaf that referenced this issue Apr 4, 2016

fix(file): better uploaded file handling and thumbnail serving
Uploaded files now always have a new name with the client-given extension,
even when replacing a previous upload.

Thumbnail JPEG files now have the `.jpg` extension and are served with the
correct Content-Type. If a plugin happened to have created their own non-JPEG
thumbs, they'd now be served with the correct MIME (instead of the original
file's MIME type).

If the file is recognized as an image, but thumbnails can't be created, we
no longer allow thumbs from the previous file to be re-used.

Fixes #9612
Fixes #9267
Fixes #6677

@mrclay mrclay closed this in 72140cf Apr 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment