ZF-10461: CLONE - Zend_Validate_File_MimeType overrides default PHP fileinfo behavior


Setting the option "magicfile" to false causes $this->_magicfile to be NULL, then during validation (isValid function), getMagicFile is called, and when $this->_magicfile is null, getMagicFile loops over the array $this->_magicFiles. So, now there is no way to use finfo_open without specify a magicfile (default behavior) that causes problems with validation of mime-type on some systems with outdated mime-magic files. Tested on CentOS 5.5 and causes mime-type is always octet-steam instead of right value.

From php manual for function finfo_open…

{quote} magic_file Name of a magic database file, usually something like /path/to/magic.mime. If not specified, the MAGIC environment variable is used. If this variable is not set either, /usr/share/misc/magic is used by default. A .mime and/or .mgc suffix is added if needed.

Passing NULL or an empty string will be equivalent to the default value. {quote}


I'd also like to see this fixed.

According to

{quote}In PHP 5.3 the magic file is built-in into PHP and that is what should be used. the magic file found on the system may not always be what libmagic expects..." {quote} -- []

I run into this every so often, and then remember "Oh yeah, Zend_Validate_File_MimeType isn't guaranteed to work on a bunch of platforms"

Added some simple changes: for PHP version 5.3 and higher, don't use external magic file, instead use built-in magic file.

Index: library/Zend/Validate/File/MimeType.php
--- library/Zend/Validate/File/MimeType.php (wersja 24121)
+++ library/Zend/Validate/File/MimeType.php (kopia robocza)
@@ -148,7 +148,9 @@
     public function getMagicFile()
-        if (null === $this->_magicfile) {
+        if (defined('PHP_VERSION_ID') and PHP_VERSION_ID >= 50300) {
+            $this->_magicfile = null;
+        } elseif (null === $this->_magicfile) {
             if (!empty($_ENV['MAGIC'])) {
             } elseif (!(@ini_get("safe_mode") == 'On' || @ini_get("safe_mode") === 1)) {
@@ -176,6 +178,9 @@
      * Sets the magicfile to use
+     * for PHP versions 5.3 and higher it should be used only with null param,
+     * since finfo uses internal magic file
+     * for older versions:
      * if null, the MAGIC constant from php is used
      * if the MAGIC file is errorous, no file will be set
@@ -185,8 +190,12 @@
     public function setMagicFile($file)
-        if (empty($file)) {
+        if (defined('PHP_VERSION_ID') and PHP_VERSION_ID >= 50300 and !empty($file)) {
             $this->_magicfile = null;
+            require_once 'Zend/Validate/Exception.php';
+            throw new Zend_Validate_Exception('Do not set Magicfile. Beginning with version 5.3.0, finfo is part of PHP and uses internal magic file');
+        } elseif (empty($file)) {
+            $this->_magicfile = null;
         } else if (!(class_exists('finfo', false))) {
             $this->_magicfile = null;
             require_once 'Zend/Validate/Exception.php';

Fixed in ZF2 with GH-365

maybe this should be backported into Zend Framework 1.11.10? two hours spent to find this bugfix

Fully aggree with Jarek Nowisz and Alex. Could you please fix this issue in Zend Framework 1.11.10?

Please fix this in ZF 1.11 !!! We have a huge crysis after updating PHP because of this!

Fixed in trunk (25174) and release-1.12 (25175), so will be in ZF 1.12.2.