upload allowed_types issue
#1

gRoberts
Hi all.

One of my users has pointed out that when uploading he gets an error message. When I looked into this, I noticed he was uploading an Excel (xls) file.

The problem is that the allowed_types is set to only allow CSV files, but it allows XLS. I have tried uploading an XML file or something else and CI throws an error as it's not allowed.

Since when has .xls been the same as .csv?

Any ideas?

Gav
#2

Seppo
The upload library uses the mimes config file to validate the uploads.
Right now, by default, CSV accepts:
'text/x-comma-separated-values', 'text/comma-separated-values', 'application/octet-stream', 'application/vnd.ms-excel', 'text/csv', 'application/csv', 'application/excel', 'application/vnd.msexcel'

and XLS:
'application/excel', 'application/vnd.ms-excel'

As you can see, all XLS mime types are included in CSV... That's what is causing your error... The problem is that the browsers determine how the mime type is named, and some browsers might send you a CSV as 'application/excel'... So you can delete the two Excel options from CSV; however, you may not accept some CSV files, depending on the browser.

I can't believe the upload library works this way... you set the extension, the extension looks for the mime types that can be used and tries to match the browser mime type... It's really awful and a bit stupid.
#3

gRoberts
I've put a little extra bit in just to check whether it's not a .csv file extension, but really you shouldn't have to do that.

Thanks
#4

nikefido
Ah ha, this answers my question. Somewhere I'm allowing something with mime type "application/octet-stream", which is therefore allowing things like .php files to be uploaded.

bleh...must fix...
#5

Mirage
The checking of the mime-type is unfortunately inconsistent and not very reliable. I've had a similar issue with .pdf files which apparently get assigned different mime-types based on where they're coming from. Checking extension isn't foolproof of course, but adding this to your code or an extended upload class is definitely an improvement.

Cheers!
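
The MIME-only matching described in post #2, next to the extra extension check mentioned in posts #3 and #5, as an added example (not code from the thread or from CodeIgniter). The MIME lists are the ones quoted in post #2; the function names and the sample uploads are constructed for illustration.

```php
<?php
// MIME lists for csv and xls exactly as quoted in post #2.
$mimes = [
    'csv' => ['text/x-comma-separated-values', 'text/comma-separated-values',
              'application/octet-stream', 'application/vnd.ms-excel', 'text/csv',
              'application/csv', 'application/excel', 'application/vnd.msexcel'],
    'xls' => ['application/excel', 'application/vnd.ms-excel'],
];

// Simplified model of the check described in the thread (hypothetical helper):
// only the browser-reported MIME type is compared against the allowed types' lists.
function mime_only_allowed(array $allowed, string $reported_mime, array $mimes): bool
{
    foreach ($allowed as $type) {
        if (in_array($reported_mime, $mimes[$type] ?? [], true)) {
            return true;
        }
    }
    return false;
}

// Stricter check (hypothetical helper): the file extension must itself be an
// allowed type, and the reported MIME type must be listed for that same extension.
function ext_and_mime_allowed(array $allowed, string $filename, string $reported_mime, array $mimes): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if ($ext === '' || !in_array($ext, $allowed, true)) {
        return false;
    }
    return in_array($reported_mime, $mimes[$ext] ?? [], true);
}

// Constructed sample uploads: [filename, MIME type sent by the browser].
$uploads = [
    ['report.csv', 'text/csv'],
    ['report.csv', 'application/vnd.ms-excel'],
    ['report.xls', 'application/vnd.ms-excel'],
    ['script.php', 'application/octet-stream'],
];

// Compare both checks with allowed types limited to csv.
foreach ($uploads as [$name, $mime]) {
    printf("%-11s %-26s mime-only=%-5s ext+mime=%s\n", $name, $mime,
        var_export(mime_only_allowed(['csv'], $mime, $mimes), true),
        var_export(ext_and_mime_allowed(['csv'], $name, $mime, $mimes), true));
}
```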



