New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
model rule - 'file' extensions seem not 100% work #9888
Comments
It's a known issue because for some files it's not possible to detect type based on contents. For these you can validate against plaintext and check file extension. Not reliable but would work at least. |
No, I not mention the mimeTypes, you see, I not turn on the 'mimeTypes'. For example: I can select xxx.msg to upload at 1st step, but $model->validate() step return false and warning me only can upload 'xls, xlsx, xlsm, msg, zip, 7z, rar' files. Can you double check? |
Can you post a sample of |
.msg file is outlook emails. Usually, I can copy one email from outlook and save to desktop as .msg file. But I think you can rename any xxx.txt file to xxx.msg to testing. |
Okay, I got your problem. File extension I can offer you two solutions:
|
Can you add .msg type into mimeTypes? |
I select option 'checkExtensionByMimeType' => false Can Yii2 team at least provide different error message in case I not add above code? Or, set that flag default as false. Or, handle .msg type too, since as I mentioned, it is outlook email, popular. Thanks. |
We're importing Apache mime types: https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types. There's no plan to add more types except if the file is updated by Apache project. |
Ok, thanks. |
What do you think, if we only validate the mimetype of the extension, if we find a corresponding entry for it in the magicfile? e.g. add 'FileHelper::getMimeTypeByExtension('test.' . $extension) !== null &&' |
@luke- is the problem you're trying to solve the same as the initial problem indicated in this issue? |
@samdark yes, we just had the same issue with ".msg" files. Iust wanted to hear your opinion about this, here is our "fix": |
@luke- while this mode of checking is convenient, it potentially may cause security issues if either using |
@samdark In our case I want both, best possible security (if the mime type is known --> checkExtensionByMimeType), but also the support of (still) unknown file/mime types. But I understand that you don't want to have this behavior in the framework. Anyway, thanks for the clarification and also thanks for the good work! |
Dear Yii2 Team,
I try to upload file with below model. It is work tofilter xls/zip and so on, however, the extensions limitation failed for outlook .msg files.
It allow select .msg file, but failed to pass validate model, and then cannot upload.
Can you help to look into for this issue? Thanks.
The text was updated successfully, but these errors were encountered: