Drupal Association members fund grants that make connections all over the world.
i'd like to filter out the renamed bmp files.
Didn't imagefield used to be dependent upon filefield? If it was it would be able to use the mimedetect.module (which is now a requirement of filefield) to accomplish this.
This patch seems correct. It prevents me from uploading a tar.gz that i renamed to a png. It only uses mimedetect if the module exists.
this looks good until I can come up with better options for mime filtering.
duplicating the whole array of mime types seems kind of redundant...
$filemime = module_exists('mimedetect') ? mimedetect_mime($file) : $file->filemime;
return in_array($filemime, array('image/jpg', 'image/pjpeg', 'image/jpeg', 'image/png', 'image/gif'));
since there's not really a current patch.
The current filefield_validate_is_image() check is now done using image_get_info() which is a good rudimentary check. Instead of changing the is_image function (which isn't used by ImageField now anyway) we should add mime type checking to the extension check.
I think this should be effective, though I'm not entirely comfortable with MimeDetect and core's own detection quite yet.
Heh, well I better actually check the right property ($file->filemime) otherwise we won't be able to upload anything. :)
Some mime-type checking is certainly better than no mime-type checking (like the current approach). I committed this since it's not going to do any harm since users can easily get the old behavior by disabling the mimedetect module, which still isn't required for the Drupal 6 version.
Automatically closed -- issue fixed for 2 weeks with no activity.
Drupal is a registered trademark of Dries Buytaert.