Details
-
Type:
Bug
-
Status:
Closed
-
Priority:
Major
-
Resolution: Cannot Reproduce
-
Affects Version/s: 1.9.2
-
Fix Version/s: 1.10.3
-
Component/s: Zend_Validate_File
-
Labels:None
Description
The Zend_Validate_MimeType class does not validate files whose detected mimetypes specify a charset (e.g "plain/text; charset=us-ascii") on mimetypes which do not specify charsets (e.g "plain/text").
For example,
Suppose $file['type'] equals "plain/text; charset=us-ascii"
Then the following would echo "invalid":
$validator = new Zend_Validate_MimeType(array('plain/text'));
if ($validator->isValid($value, $file)) {
echo 'valid';
} else {
echo 'invalid';
}
If it worked correctly, it should have echoed 'valid' because the validator did not require a particular charset.
Ideally, if a whitelisted mimetype does not specify a charset (e.g. plain/text), then it should validate all charsets for that mimetype. If a whitelisted mimetype does specify a charset, but the file lacks that particular charset, then it should not validate for that specific whitelisted mimetype. However, it may still validate on another whitelisted mimetype.
Not reproducable:
As with 1.9 Zend_Validate_MimeType compares according to PHP5.3's new constant FILEINFO_MIME_TYPE which outputs no additional infos.
Below 5.3 FILEINFO_MIME is used which outputs also no additional infos below 5.3.
This is even tested by our unittests.
To note:
Only the MIMETYPE is validated by this validator.
No encoding and no other additional infos.
Check your installation and update to the lastest 1.9 release (which actually is 1.9.5)