ZF-8206: Zend_Validate_File_MimeType does not validate mime types that lack charsets on files with mime types that have charsets

Issue Type: Bug Created: 2009-11-02T14:07:49.000+0000 Last Updated: 2010-04-22T12:07:26.000+0000 Status: Closed Fix version(s): - 1.10.3 (01/Apr/10)

Reporter: Will Riley (wriley) Assignee: Thomas Weidner (thomas) Tags: - Zend_Validate_File

Related issues: Attachments:


The Zend_Validate_MimeType class does not validate files whose detected mimetypes specify a charset (e.g "plain/text; charset=us-ascii") on mimetypes which do not specify charsets (e.g "plain/text").

For example,

Suppose $file['type'] equals "plain/text; charset=us-ascii" Then the following would echo "invalid":

$validator = new Zend_Validate_MimeType(array('plain/text')); if ($validator->isValid($value, $file)) { echo 'valid'; } else { echo 'invalid'; }

If it worked correctly, it should have echoed 'valid' because the validator did not require a particular charset.

Ideally, if a whitelisted mimetype does not specify a charset (e.g. plain/text), then it should validate all charsets for that mimetype. If a whitelisted mimetype does specify a charset, but the file lacks that particular charset, then it should not validate for that specific whitelisted mimetype. However, it may still validate on another whitelisted mimetype.


Posted by Thomas Weidner (thomas) on 2009-11-02T14:52:15.000+0000

Not reproducable:

As with 1.9 Zend_Validate_MimeType compares according to PHP5.3's new constant FILEINFO_MIME_TYPE which outputs no additional infos. Below 5.3 FILEINFO_MIME is used which outputs also no additional infos below 5.3.

This is even tested by our unittests.

To note: Only the MIMETYPE is validated by this validator. No encoding and no other additional infos.

Check your installation and update to the latest 1.9 release (which actually is 1.9.5)

Posted by Thomas Weidner (thomas) on 2009-11-03T08:34:07.000+0000

Closing as not reproducable due to non-response.

Posted by Justin Hendrickson (toxygene) on 2010-04-22T10:11:52.000+0000

I can confirm this problem with 1.10.2 and PHP 5.2.10-2ubuntu6.4 with Suhosin-Patch 0.9.7.

The type returned by fileinfo is "image/gif; charset=binary" and the validation fails as a result.

Posted by Thomas Weidner (thomas) on 2010-04-22T12:07:24.000+0000

Closing as not reproduceable

Please test always against the actual release and not against outdated releases. This does not make sense.

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.