[pmwiki-devel] $EnableUploadMimematch and "Call to undefined function mime_content_type()"
Simon
nzskiwi at gmail.com
Sun Jan 14 10:23:02 PST 2024
Thank you.
You are exactly right, the file was misnamed.
That confirms the usefulness of this PmWiki enhancement
thanks again
Simon
On Sun, 14 Jan 2024 at 18:49, Petko Yotov <5ko at 5ko.fr> wrote:
> To elaborate, the mime_content_type() function checks the file
> structure:
>
> * GPX and SVG are both actually in the XML file format, so it is normal
> that such a file may be detected as XML.
>
> * DOCX, ODT, XPI, are actually zip-compressed archives, so some
> installations might detect them as ZIP.
>
> * DOC, DOCX, RTF, and PDF, are totally different file formats and one
> cannot be mistakenly detected as another one, even if LibreOffice will
> open them all. This is actually why I need this, because I tell users to
> upload PDFs and they just rename a DOC file to the wrong PDF extension.
> Then the file cannot be indexed, compressed, and shown in the PDF
> viewer.
>
> * PNG is totally different from JPEG, one is NOT a variant or subset of
> the other and one CANNOT be mistakenly detected as the other. A desktop
> picture viewer may show them correctly, as well as the browser, but
> other programs may complain or fail, for example Thumblist and Mini.
>
> I wouldn't advise to allow misnamed JPEG files with the PNG extension.
>
> Petko
>
> On 14/01/2024 07:03, Petko Yotov wrote:
> > On 14/01/2024 02:14, Simon wrote:
> >> Just further on this,
> >> it seems there may be potential issues with other file types with this
> >> check,
> >> e.g. today I got the message
> >> "_map.png_: extension 'png' doesn't match file type 'image/jpeg'"
> >> In upload.php we see "'png' => 'image/png'"
> >
> > Oh, in this case I suspect that was a JPEG file with the wrong PNG
> > extension, and it worked as designed.
> >
> > Petko
> >
> >> On Wed, 27 Dec 2023 at 00:07, Petko Yotov <5ko at 5ko.fr> wrote:
> >>
> >>> Thanks for the report, there was an omission in DDMU, should be
> >>> fixed in
> >>> 20231226, please update both ddmu.php and ddmu.js.
> >>>
> >>> Unlike the core upload form, DDMU did not report the detected MIME
> >>> type.
> >>> Version 20231226 does, when you place the mouse over the failed file
> >>>
> >>> name, it says "extension 'gpx' doesn't match file type 'text/xml'".
> >>>
> >>> The detected MIME type for a GPX file appears to be text/xml. So to
> >>> allow this alternative MIME type, place the following in config.php:
> >>>
> >>> $EnableUploadMimeMatch = array(
> >>> 'gpx'=>'!^(text/xml)$!',
> >>> );
> >>>
> >>> Instead of $EnableUploadMimeMatch = 1;
> >>>
> >>> Alternatively, you could technically define:
> >>>
> >>> $UploadExts['gpx'] = 'text/xml'; # avoid this
> >>>
> >>> ...but I suspect this might cause problems when
> >>> $EnableDirectDownload is
> >>> disabled and the attached GPX files are used to draw lines on maps.
> >>>
> >>> Petko
> >>>
> >>> On 26/12/2023 10:59, Simon wrote:
> >>>> in config.php I have
> >>>> $UploadExts['gpx'] = 'application/gpx+xml';
> >>>> and am using $EnableUploadMimeMatch
> >>>>
> >>>> Now when I try to upload (a properly formed) .gpx file
> >>>> DDMU gives the message 'extension "doesn't match the file type"'
> >>>> (which means the check is now being called and is returning a
> >>> message)
> >>>>
> >>>> is there any way to determine, or to have included in the error
> >>>> message, what the expected mime type is?
> >>>> While many [3] references [4] on the internet state the above
> >>>> (application/gpx+xml) is the mime type for .gpx files
> >>>> MIME File Type Checker - HTMLStrip [5] suggests it it "text/xml",
> >>> but
> >>>> I think that is because it doesn't know about.gpx files
> >>>>
> >>>> Others are suggested here [6].
> >>>> Is it possible to add multiple values to $UploadExts?
> >>>> OTOH the PmWiki documentation [1] suggests that
> >>>>
> >>>> $EnableUploadMimeMatch = array(
> >>>> 'csv'=>'!^(text/plain|application/csv)$!',
> >>>> 'docx'=>'!^(application/encrypted)$!',
> >>>> );
> >>>>
> >>>> is the way to manage this issue.
> >>>>
> >>>> thanks
> >>>>
> >>>> Simon
> >>>>
> >>>> PS
> >>>> PHP: mime_content_type - Manual [7] seems to suggest the
> >>>> svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
> >>> [1] [3] is
> >>>> the source of PHP mime types.
> >>>>
> >>>> On Mon, 25 Dec 2023 at 18:57, Petko Yotov <5ko at 5ko.fr> wrote:
> >>>>
> >>>>> On 25/12/2023 07:20, Simon wrote:
> >>>>>> My feeling is that all uploads should be denied.
> >>>>> ...
> >>>>>> for safety and visibility reasons I support denying uploads
> >>>>>
> >>>>> Agreed, enabled for 2.3.30, and added a new upload error message.
> >>>>>
> >>>>>> When using DragDropMultiUpload the upload never finished and
> >>>>>> never faulted, it just hung.
> >>>>>> Is there any possibility of making this visible to the user?,
> >>> e.g.
> >>>>>> DDMU fail with an error,
> >>>>>
> >>>>> Yes, the code I committed for 2.3.30, and the prerelease, should
> >>>>> show
> >>>>> the message in DDMU.
> >>>>>
> >>>>> Petko
> >>>>>
> >>>>>> On Mon, 25 Dec 2023 at 10:48, Petko Yotov <5ko at 5ko.fr> wrote:
> >>>>>>
> >>>>>>> Apparently on Windows you need to enable the Fileinfo functions
> >>>>> in
> >>>>>>> php.ini, see:
> >>>>>>>
> >>>>>>> https://www.php.net/manual/en/fileinfo.installation.php
> >>>>>>>
> >>>>>>> I have now documented this on the UploadVariables page.
> >>>>>>>
> >>>>>>> What should PmWiki do if $EnableUploadMimeMatch is enabled but
> >>>>> not
> >>>>>>> Fileinfo?
> >>>>>>>
> >>>>>>> - Act as if $EnableUploadMimeMatch is not enabled. This would
> >>>>> work
> >>>>>>> as it
> >>>>>>> did before, other checks will be done.
> >>>>>>>
> >>>>>>> - Deny all uploads, since none can be checked.
> >>>>>>>
> >>>>>>> What do you think?
> >>>>>>>
> >>>>>>> Petko
> >>>>>>>
> >>>>>>> On 24/12/2023 21:28, Simon wrote:
> >>>>>>>> Some time ago I enabled $EnableUploadMimematch [1]
> >>>>>>>>
> >>>>>>>> Recently I see
> >>>>>>>>
> >>>>>>>> [25-Dec-2023 08:25:00 Pacific/Auckland] PHP Fatal error:
> >>>>> Uncaught
> >>>>>>>> Error: Call to undefined function mime_content_type() in
> >>>>>>>> D:\Home\KiwiWiki\pmwiki\scripts\upload.php:405
> >>>>>>>> Stack trace:
> >>>>>>>> #0 D:\Home\KiwiWiki\pmwiki\scripts\upload.php(317):
> >>>>>>>> UploadVerifyBasic()
> >>>>>>>> #1 D:\Home\KiwiWiki\pmwiki\pmwiki.php(546): HandlePostUpload()
> >>>>>>>> #2 D:\Home\KiwiWiki\pmwiki\pmwiki.php(533): HandleDispatch()
> >>>>>>>> #3 {main}
> >>>>>>>> thrown in D:\Home\KiwiWiki\pmwiki\scripts\upload.php on line
> >>> 405
> >>>>>>>>
> >>>>>>>> just wondering if anyone had an idea why?
> >>>>>>>>
> >>>>>>>> and seasons holiday's greetings from the summery south
> >>>>>>>>
> >>>>>>>> Simon
> >>>>>>>>
> >>
> >>
> >> Links:
> >> ------
> >> [1]
> >> http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pmichaud.com/pipermail/pmwiki-devel/attachments/20240115/6b6d8230/attachment.html>
More information about the pmwiki-devel
mailing list