ZF-10461: CLONE - Zend_Validate_File_MimeType overrides default PHP fileinfo behavior

Issue Type: Bug Created: 2010-09-16T01:14:45.000+0000 Last Updated: 2012-12-22T20:47:37.000+0000 Status: Resolved Fix version(s): - 1.12.2 (25/Feb/13)

Reporter: Dmitry Barsukov ( Assignee: Rob Allen (rob) Tags: - Zend_Validate

  • FixForZF1.12

Related issues: - ZF-9635



Setting the option "magicfile" to false causes $this->_magicfile to be NULL, then during validation (isValid function), getMagicFile is called, and when $this->_magicfile is null, getMagicFile loops over the array $this->_magicFiles. So, now there is no way to use finfo_open without specify a magicfile (default behavior) that causes problems with validation of mime-type on some systems with outdated mime-magic files. Tested on CentOS 5.5 and causes mime-type is always octet-steam instead of right value.

From php manual for function finfo_open…

{quote} magic_file Name of a magic database file, usually something like /path/to/magic.mime. If not specified, the MAGIC environment variable is used. If this variable is not set either, /usr/share/misc/magic is used by default. A .mime and/or .mgc suffix is added if needed.

Passing NULL or an empty string will be equivalent to the default value. {quote}


Posted by Tim Lieberman (timdev) on 2011-05-11T00:37:15.000+0000

I'd also like to see this fixed.

According to

{quote}In PHP 5.3 the magic file is built-in into PHP and that is what should be used. the magic file found on the system may not always be what libmagic expects..." {quote} -- []

I run into this every so often, and then remember "Oh yeah, Zend_Validate_File_MimeType isn't guaranteed to work on a bunch of platforms"

Posted by Jarek Nowisz (jarek) on 2011-06-05T22:52:06.000+0000

Added some simple changes: for PHP version 5.3 and higher, don't use external magic file, instead use built-in magic file.

<pre class="highlight">
Index: library/Zend/Validate/File/MimeType.php
--- library/Zend/Validate/File/MimeType.php (wersja 24121)
+++ library/Zend/Validate/File/MimeType.php (kopia robocza)
@@ -148,7 +148,9 @@
     public function getMagicFile()
-        if (null === $this->_magicfile) {
+        if (defined('PHP_VERSION_ID') and PHP_VERSION_ID >= 50300) {
+            $this->_magicfile = null;
+        } elseif (null === $this->_magicfile) {
             if (!empty($_ENV['MAGIC'])) {
             } elseif (!(@ini_get("safe_mode") == 'On' || @ini_get("safe_mode") === 1)) {
@@ -176,6 +178,9 @@
      * Sets the magicfile to use
+     * for PHP versions 5.3 and higher it should be used only with null param,
+     * since finfo uses internal magic file
+     * for older versions:
      * if null, the MAGIC constant from php is used
      * if the MAGIC file is errorous, no file will be set
@@ -185,8 +190,12 @@
     public function setMagicFile($file)
-        if (empty($file)) {
+        if (defined('PHP_VERSION_ID') and PHP_VERSION_ID >= 50300 and !empty($file)) {
             $this->_magicfile = null;
+            require_once 'Zend/Validate/Exception.php';
+            throw new Zend_Validate_Exception('Do not set Magicfile. Beginning with version 5.3.0, finfo is part of PHP and uses internal magic file');
+        } elseif (empty($file)) {
+            $this->_magicfile = null;
         } else if (!(class_exists('finfo', false))) {
             $this->_magicfile = null;
             require_once 'Zend/Validate/Exception.php';

Posted by Thomas Weidner (thomas) on 2011-08-30T20:04:39.000+0000

Fixed in ZF2 with GH-365

Posted by Alex (retif) on 2011-09-07T11:03:55.000+0000

maybe this should be backported into Zend Framework 1.11.10? two hours spent to find this bugfix

Posted by Alexey Novikov (hunter) on 2011-09-28T13:35:01.000+0000

Fully aggree with Jarek Nowisz and Alex. Could you please fix this issue in Zend Framework 1.11.10?

Posted by Marcin Gil (mgil) on 2012-08-13T11:42:16.000+0000

Please fix this in ZF 1.11 !!! We have a huge crysis after updating PHP because of this!

Posted by Rob Allen (rob) on 2012-12-22T20:47:22.000+0000

Fixed in trunk (25174) and release-1.12 (25175), so will be in ZF 1.12.2.

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.