Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix MIME guessing of extension from type #6059

Merged
merged 2 commits into from
Jun 9, 2022
Merged

Fix MIME guessing of extension from type #6059

merged 2 commits into from
Jun 9, 2022

Conversation

paulbalandan
Copy link
Member

@paulbalandan paulbalandan commented Jun 1, 2022
edited by kenjis
Loading

Description
Fixes #6046 by relying on the path extension as the $proposedExtension argument to Config\Mimes::guessExtensionFromType(). The extension is derived using pathinfo()

However, this fix also changes the behavior of the guessing if a proposed extension is given. Previously, if the proposal is invalid, the guessing ends and returns null. Now, this early termination is removed and the guessing is continued using the array mapping of extension to MIME types.

Checklist:

  • Securely signed commits
  • Component(s) with PHPDoc blocks, only if necessary or adds value
  • Unit testing, with >80% coverage
  • User guide updated
  • Conforms to style guide

@paulbalandan paulbalandan added bug Verified issues on the current code behavior or pull requests that will fix them breaking change Pull requests that may break existing functionalities labels Jun 1, 2022
@paulbalandan
Copy link
Member Author

Some edge cases I didn't see.

@paulbalandan paulbalandan marked this pull request as draft June 1, 2022 03:44
paulbalandan
paulbalandan commented Jun 1, 2022
View reviewed changes
app/Config/Mimes.php
Comment on lines -105 to -106
'application/x-zip',
'application/zip',
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to https://cdn.jsdelivr.net/gh/jshttp/mime-db@v1.49.0/db.json and https://gitlab.freedesktop.org/xdg/shared-mime-info/-/raw/master/data/freedesktop.org.xml.in which are used by Symfony in updating their MIME types, the first one is the IANA recognized MIME type.

@paulbalandan paulbalandan marked this pull request as ready for review June 1, 2022 04:54
@samsonasik
Copy link
Member

changelog and/or upgrading doc need update to copy app/Config/Mimes.php after update to 4.2?

@kenjis kenjis added the docs needed Pull requests needing documentation write-ups and/or revisions. label Jun 5, 2022
@paulbalandan
Copy link
Member Author

Rebased to add the relevant docs.

@kenjis kenjis removed the docs needed Pull requests needing documentation write-ups and/or revisions. label Jun 8, 2022
lonnieezell
lonnieezell approved these changes Jun 9, 2022
View reviewed changes
Copy link
Member

@lonnieezell lonnieezell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had to read through this a couple of times, but I believe the changes still keep the intended security features of those methods in place.

@kenjis kenjis merged commit 2cb259e into codeigniter4:develop Jun 9, 2022
@kenjis
Copy link
Member

kenjis commented Jun 9, 2022

@paulbalandan Thank you!

@paulbalandan paulbalandan deleted the mime-guessing branch June 9, 2022 12:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MGatner MGatner MGatner approved these changes

@kenjis kenjis kenjis approved these changes

@lonnieezell lonnieezell lonnieezell approved these changes

Assignees
No one assigned
Labels
breaking change Pull requests that may break existing functionalities bug Verified issues on the current code behavior or pull requests that will fix them
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Bug: Misdiagnosis extension for file zip
5 participants
@paulbalandan @samsonasik @kenjis @lonnieezell @MGatner