[Minor] Improve mime_types plugin #2852
Hackers sometimes try to hide the filename of an attachment by encoding some characters in HEX (e.g. "attached%2E%62at"). Most e-mail clients would decode these characters and the final filename would be "attached.bat". The mime_types plugin now decodes those characters before determining the file extension.
Additionally, the plugin now uses the higher weighted MIME type, if the detected type differs from the one specified in the Content-Type header, so we are always on the safe side.
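The two checks described in this pull request, sketched as an added example in Python; it is not the plugin's own code and is not part of the pull request. The weight tables, the function names and the way the two weights are combined into one score are assumptions made for illustration.

```python
from urllib.parse import unquote

# Constructed weights for illustration only; not the plugin's real tables.
EXT_WEIGHT = {"bat": 4.0, "exe": 4.0, "js": 3.0, "pdf": 0.0, "txt": 0.0}
MIME_WEIGHT = {"application/x-dosexec": 4.0, "application/pdf": 0.0, "text/plain": 0.0}


def extension(name):
    """Lower-cased text after the last dot, or "" when there is none."""
    stem, dot, ext = name.strip().rpartition(".")
    return ext.lower() if dot and stem else ""


def pick_mime(declared, detected):
    """Keep whichever of the two types carries the higher weight."""
    if detected and detected != declared:
        if MIME_WEIGHT.get(detected, 0.0) > MIME_WEIGHT.get(declared, 0.0):
            return detected
    return declared


def assess(filename, declared, detected):
    """Score an attachment on its decoded name and the riskier MIME type."""
    decoded = unquote(filename)  # "%2E" -> ".", "%62" -> "b"
    ext = extension(decoded)
    mime = pick_mime(declared, detected)
    return {
        "decoded_name": decoded,
        "extension": ext,
        # True when the extension only appears after decoding.
        "obfuscated": ext != extension(filename),
        "mime": mime,
        # Assumption: the final score is the larger of the two weights.
        "score": max(EXT_WEIGHT.get(ext, 0.0), MIME_WEIGHT.get(mime, 0.0)),
    }


if __name__ == "__main__":
    # Constructed samples; the first filename is the one quoted in the description.
    print(assess("attached%2E%62at", "text/plain", "application/x-dosexec"))
    print(assess("report.pdf", "application/pdf", "application/pdf"))
```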
Yes, I have seen such obfuscations in the wild.
This is an example of the mentioned header: