InputFilter - ZIP file with no forbidden file extensions in contents triggers file extension filter #30606

Closed
rozniak opened this issue Sep 9, 2020 · 1 comment

rozniak commented Sep 9, 2020

Steps to reproduce the issue

Upload the ZIP file referenced in the additional comments section below.

Expected result

The ZIP is successfully uploaded.

Actual result

The ZIP fails to upload; it is filtered by InputFilter::isSafeFile.

System information (as much as possible)

Debian 9 x64
PHP 7.2.33
Joomla! 3.9.21

Additional comments

I have traced the error down to this specific check in InputFilter::isSafeFile:
https://github.com/joomla/joomla-cms/blob/staging/libraries/src/Filter/InputFilter.php#L720

Here is a link to the affected ZIP file (managed to upload by commenting out the return false; statement in the above check): https://www.limingtonhouseschool.co.uk/files/SDT%20Teacher%20Application%20Pack.zip

The ZIP file in question is very mundane - it is just a simple job application pack containing PDF and DOCX files. It is attached. It triggers the check for the .py extension - if you grep this ZIP file it will match this command:

grep "\.py" SDT\ Teacher\ Application\ Pack.zip

I am not sure why this filter checks for instances of a string file extension on binary files. This file just by coincidence results in a match when searching for ".py", despite it not containing any files of that extension.
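Added example, not part of the original issue and not Joomla's code: the mismatch reported above, reproduced on a constructed archive. It compares a raw byte search (what the grep does) with a check of the entry names in the ZIP directory; the extension list, file names and helper functions are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed list for illustration; not Joomla's actual forbidden extensions.
FORBIDDEN = {"py", "php", "exe"}


def build_zip(entries):
    """Build an in-memory ZIP from {name: bytes}. Entries are stored
    uncompressed so payload bytes appear verbatim in the archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, payload in entries.items():
            # Fixed timestamp keeps the constructed archive deterministic.
            info = zipfile.ZipInfo(name, date_time=(2020, 9, 9, 0, 0, 0))
            zf.writestr(info, payload)
    return buf.getvalue()


def raw_scan_hits(data):
    """Naive check: '.<ext>' anywhere in the raw archive bytes (like grep)."""
    return sorted(e for e in FORBIDDEN if b"." + e.encode() in data)


def entry_name_hits(data):
    """Structural check: read the ZIP directory and test the suffixes of each
    entry's file name (every suffix, so 'x.py.txt' is flagged too)."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = PurePosixPath(info.filename).name
            suffixes = {s.lower() for s in name.split(".")[1:]}
            if suffixes & FORBIDDEN:
                hits.append(info.filename)
    return hits


# Constructed sample: harmless documents whose binary payload happens to
# contain the bytes ".py", as compressed data can by coincidence.
BENIGN = build_zip({
    "Application Form.docx": b"constructed docx bytes \x00\x17",
    "Job Description.pdf": b"%PDF-1.4\n\x8f.py\x02\x91 constructed stream",
})
# Constructed sample: an archive that really does contain a .py entry.
WITH_SCRIPT = build_zip({"notes/readme.txt": b"hello", "notes/run.PY": b"pass"})

if __name__ == "__main__":
    print("raw scan, benign:   ", raw_scan_hits(BENIGN))
    print("entry names, benign:", entry_name_hits(BENIGN))
    print("entry names, script:", entry_name_hits(WITH_SCRIPT))
```

The raw scan flags the benign archive while the entry-name check does not, and the entry-name check still reports the archive that genuinely holds a script.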

Contributor

Quy commented Sep 9, 2020

Duplicate #26408. Thanks for reporting.

Quy closed this as completed Sep 9, 2020