function is_image() Uses its own mime types, rather than mimes.php |
|||
|---|---|---|---|
| Date: | 05/09/2008 | Severity: | Minor |
| Status: | Not a Bug | Reporter: | mahuti |
| Version: | 1.6.1 | ||
| Keywords: | Libraries, File Uploading Class | ||
Description
I would expect to set mime types in the mimes.php file, and have them recognized throughout the system. Currently, I have
‘jpg’ => array(’image/jpeg’, ‘image/pjpeg’,’application/octet-stream’),
set in the mimes.php file… the addition here being application/octet-stream
Upload.php’s is_image does not recognize application-octet/stream that I set in the mimes.php file however, because it identifies it’s own mime types. This seems to be inconsistent behaviour.
Code Sample
function is_image()
{
// IE will sometimes return odd mime-types during upload, so here we just standardize all
// jpegs or pngs to the same file type.
$png_mimes = array('image/x-png');
$jpeg_mimes = array('image/jpg', 'image/jpe', 'image/jpeg', 'image/pjpeg','application/octet-stream');
if (in_array($this->file_type, $png_mimes))
{
$this->file_type = 'image/png';
}
if (in_array($this->file_type, $jpeg_mimes))
{
$this->file_type = 'image/jpeg';
}
$img_mimes = array(
'image/gif',
'image/jpeg',
'image/png',
);
return (in_array($this->file_type, $img_mimes, TRUE)) ? TRUE : FALSE;
}
Expected Result
I would expect that the mimes would be drawn from the mimes.php
Actual Result
The mime types are drawn from a function within upload.php
Comment on Bug Report
| Posted by: Derek Jones on 9 May 2008 7:25pm | |
|
Validating an image based on application/octet-stream is rather dangerous. is_image() uses its own qualifiers based on real-world needs of browsers and security for uploading images. I would recommend in your case that you extend the Upload class and replace is_image() with your own method if you wish to be more liberal with what you accept as being a valid image. |
