[eluser]ksorbo[/eluser]
There has been quite a bit of discussion in the code forum about problems uploading files (invalid file type). I have read all of them and nothing they did solved my problems.
I think I have found a problem (on my system, at least). I believe the problem lies with the use of the deprecated mime_content_type php function.
From upload.php CI version 2.1 lines 1019 - 1068
Code:
protected function _file_mime_type($file)
{
// Use if the Fileinfo extension, if available (only versions above 5.3 support the FILEINFO_MIME_TYPE flag)
if ( (float) substr(phpversion(), 0, 3) >= 5.3 && function_exists('finfo_file'))
{
$finfo = new finfo(FILEINFO_MIME_TYPE);
if ($finfo !== FALSE) // This is possible, if there is no magic MIME database file found on the system
{
$file_type = $finfo->file($file['tmp_name']);
/* According to the comments section of the PHP manual page,
* it is possible that this function returns an empty string
* for some files (e.g. if they don't exist in the magic MIME database)
*/
if (strlen($file_type) > 1)
{
$this->file_type = $file_type;
return;
}
}
}
// Fall back to the deprecated mime_content_type(), if available
if (function_exists('mime_content_type'))
{
$this->file_type = @mime_content_type($file['tmp_name']);
return;
}
/* This is an ugly hack, but UNIX-type systems provide a native way to detect the file type,
* which is still more secure than depending on the value of $_FILES[$field]['type'].
*
* Notes:
* - a 'W' in the substr() expression bellow, would mean that we're using Windows
* - many system admins would disable the exec() function due to security concerns, hence the function_exists() check
*/
if (DIRECTORY_SEPARATOR !== '\\' && function_exists('exec'))
{
$output = array();
@exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code);
if ($return_code === 0 && strlen($output[0]) > 0) // A return status code != 0 would mean failed execution
{
$this->file_type = rtrim($output[0]);
return;
}
}
$this->file_type = $file['type'];
}
I am running php 5.2.17 so the first IF (line 1022) fails. mime_content_type exists in 5.2.17 so the second if (line 1042) executes. $this->file_type is set using the mime_content_type function.
My server passes a random file name for the 'tmp_name' with no file extension. I am uploading docx files and my browser passes the correct mime type. However, the mime_content_type function returns plain text mime type. This causes the entire upload function to fail.
<b>My solution: revert to upload.php from 2.0.1.</b>
I don't know what the best way would be to detect mime type. The danger of using the browser's data is that it could be hacked allowing the user to upload potentially dangerous files.
Obviously this problem goes away if you are using 5.3+. Unfortunately, I had a hard enough time getting my host to move from 4.+ to 5.+ so I am not holding my breath.
