Zend Framework

Special option that would allow to use mime-type from HTTP headers

Details

  • Type: Improvement Improvement
  • Status: Resolved Resolved
  • Priority: Major Major
  • Resolution: Won't Fix
  • Affects Version/s: 1.10.0
  • Fix Version/s: 1.10.2
  • Component/s: Zend_File_Transfer
  • Labels:
    None

Description

Zend_File_Transfer_Adapter_Abstract::_detectMimeType() method does not check the mime-type using HTTP headers, that may be quite safe if you are use a web server module, such as mod_mime_magic.
I propose to add a special option that would allow to use mime-type from HTTP headers ($_FILES array).

Issue Links

This issue is related to:
ZF-8733 Zend_File_Transfer_Adapter_Abstract should not accept user provided mime time as official mime type Major Resolved

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Thomas Weidner added a comment -

For security reasons this has been removed in request by the dev team.

Therefor this issue is closed as won't fix.

Show
Thomas Weidner added a comment - For security reasons this has been removed in request by the dev team. Therefor this issue is closed as won't fix.
Hide
Permalink
Thomas Weidner added a comment -

Related security issue

Show
Thomas Weidner added a comment - Related security issue

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Zend Framework. Try JIRA - bug tracking software for your team.