Comments

sirkitree’s picture

Didn't imagefield used to be dependent upon filefield? If it was it would be able to use the mimedetect.module (which is now a requirement of filefield) to accomplish this.

Scott Reynolds’s picture

Version: 5.x-2.1 » 6.x-3.0-alpha2
Status: Active » Needs review
FileSize
975 bytes

This patch seems correct. It prevents me from uploading a tar.gz that i renamed to a png. It only uses mimedetect if the module exists.

dopry’s picture

Status: Needs review » Reviewed & tested by the community

this looks good until I can come up with better options for mime filtering.

drewish’s picture

Status: Reviewed & tested by the community » Needs review

duplicating the whole array of mime types seems kind of redundant...

how about

$filemime = module_exists('mimedetect') ? mimedetect_mime($file) : $file->filemime;
return in_array($filemime, array('image/jpg', 'image/pjpeg', 'image/jpeg', 'image/png', 'image/gif'));
drewish’s picture

Status: Needs review » Needs work

since there's not really a current patch.

quicksketch’s picture

Title: please check the file's format instead of extension. » Check the File's Format Rather than Just Extension
Project: ImageField » FileField
Status: Needs work » Needs review
FileSize
1.15 KB

The current filefield_validate_is_image() check is now done using image_get_info() which is a good rudimentary check. Instead of changing the is_image function (which isn't used by ImageField now anyway) we should add mime type checking to the extension check.

I think this should be effective, though I'm not entirely comfortable with MimeDetect and core's own detection quite yet.

quicksketch’s picture

FileSize
1.14 KB

Heh, well I better actually check the right property ($file->filemime) otherwise we won't be able to upload anything. :)

quicksketch’s picture

Status: Needs review » Fixed

Some mime-type checking is certainly better than no mime-type checking (like the current approach). I committed this since it's not going to do any harm since users can easily get the old behavior by disabling the mimedetect module, which still isn't required for the Drupal 6 version.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.