[4.x] Uniform image validation #9284
Conversation
|
Seems like there are some issues with Github currently going on: https://www.githubstatus.com/incidents/pxg3dz4yg7lp, actions should run normally when that's fixed. |
|
I don't understand why the tests don't run on this PR. Weird. |
|
Oh yes they continue indefinitely because this code introduces an infinite loop. |
|
Closing as this causes the infinite loop.
In the previous code, step 3 will check the file extension and not the mime type, and continue on its way. Other than the infinite loop, this makes If the only problem you're encountering is that jpgs saved with other extensions aren't generated, I'm fine with that as it is the security measure kicking in. Generally you should be saving with the correct file extension. |
|
Follow-up: #9290 + maybe we should validate this on upload so we can prevent users from uploading incorrect files. |
Within #7666 the image validation is moved to the new ImageValidator but that's not used yet on the asset itself. We encountered some issues with this in the assets browser and end users uploading images where the extension and mime type do not match. For example a JPG saved as
.pngwill result in an exception:With a broken thumb in the asset browser:
By using the same logic here will fix this and will show a svg placholder thumb as there is something wrong with the image:
Another approach is to remove the mime type check as images with a extension mismatching the mimetype can still be processed and thumb generation works. But maybe that could lead to other problems later? Can imagine not all browsers like images with a mismatching mime.