ZF-8206: Zend_Validate_File_MimeType does not validate mime types that lack charsets on files with mime types that have charsets


The Zend_Validate_MimeType class does not validate files whose detected mimetypes specify a charset (e.g. "plain/text; charset=us-ascii") on mimetypes which do not specify charsets (e.g. "plain/text").

For example,

Suppose $file['type'] equals "plain/text; charset=us-ascii". Then the following would echo "invalid":

    $validator = new Zend_Validate_MimeType(array('plain/text'));
    if ($validator->isValid($value, $file)) {
        echo 'valid';
    } else {
        echo 'invalid';
    }

If it worked correctly, it should have echoed 'valid' because the validator did not require a particular charset.

Ideally, if a whitelisted mimetype does not specify a charset (e.g. plain/text), then it should validate all charsets for that mimetype. If a whitelisted mimetype does specify a charset, but the file lacks that particular charset, then it should not validate for that specific whitelisted mimetype. However, it may still validate on another whitelisted mimetype.
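
The matching rule requested above, written out as an added example (not Zend Framework code and not part of the original report). The function names parseMime and mimeAllowed are hypothetical, and lower-casing parameter values is an assumption that suits charset.

```php
<?php
// Added example; function names are hypothetical, not Zend Framework API.

// Split "type/subtype; k=v; ..." into array(lowercased type, params).
function parseMime($mime)
{
    $parts = array_map('trim', explode(';', $mime));
    $type = strtolower(array_shift($parts));
    $params = array();
    foreach ($parts as $part) {
        if ($part === '') {
            continue;
        }
        $kv = explode('=', $part, 2);
        $value = isset($kv[1]) ? trim($kv[1], " \t\"") : '';
        // Assumption: values compared case-insensitively, as for charset.
        $params[strtolower(trim($kv[0]))] = strtolower($value);
    }
    return array($type, $params);
}

// True if the detected type satisfies at least one whitelist entry.
function mimeAllowed($detected, array $whitelist)
{
    list($type, $params) = parseMime($detected);
    foreach ($whitelist as $entry) {
        list($wType, $wParams) = parseMime($entry);
        if ($wType !== $type) {
            continue; // exact type match only, never prefix or substring
        }
        // Every parameter the entry names must match the detected value;
        // an entry without parameters accepts any charset.
        if (count(array_diff_assoc($wParams, $params)) === 0) {
            return true;
        }
    }
    return false;
}

// Constructed cases built from the values in the report.
$detected = 'plain/text; charset=us-ascii';
$lists = array(
    array('plain/text'),                                   // no charset required
    array('plain/text; charset=utf-8'),                    // different charset
    array('plain/text; charset=utf-8', 'plain/text; charset=US-ASCII'),
    array('plain/tex'),                                    // not the same type
);
foreach ($lists as $list) {
    echo implode(', ', $list), ' => ', var_export(mimeAllowed($detected, $list), true), "\n";
}
```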


Not reproducible:

As of 1.9, Zend_Validate_MimeType compares according to PHP 5.3's new constant FILEINFO_MIME_TYPE, which outputs no additional information. Below 5.3, FILEINFO_MIME is used, which also outputs no additional information below 5.3.

This is even tested by our unit tests.

To note: Only the MIMETYPE is validated by this validator. No encoding and no other additional information.

Check your installation and update to the latest 1.9 release (which actually is 1.9.5).

Closing as not reproducible due to non-response.

I can confirm this problem with 1.10.2 and PHP 5.2.10-2ubuntu6.4 with Suhosin-Patch 0.9.7.

The type returned by fileinfo is "image/gif; charset=binary" and the validation fails as a result.

Closing as not reproducible.

Please always test against the actual release and not against outdated releases. This does not make sense.