Welcome Guest, Not a member yet? Register   Sign In
File Upload Class - MIME type detection error - 2.1.0
#1

[eluser]Unknown[/eluser]
There is a bug with the File Upload Class in the _file_mime_type function.

1. Uploading any image with the following config would generate the error 'The filetype you are attempting to upload is not allowed.':

Code:
$config = array(
'upload_path' => './uploads/',
'allowed_types' => 'gif|jpg|png'
);
  
$this->load->library('upload', $config);


2. Changing 'allowed_types' to '*' allows the file to be uploaded, however the upload data array ( $this->upload->data() ) contains an error:

Code:
[file_type] => cannot open `' (no such file or directory)

3. Looking at system/libraries/Upload.php , Line 1058 tries to use an array value that does not exist.

Code:
@exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code);

Changed to:

Code:
@exec('file --brief --mime-type ' . escapeshellarg($file['tmp_name']), $output, $return_code);

This seems to detect the proper MIME type.

----

System Info: PHP 5.2.11 (MAMP 1.0) - Mac OS X 10.6.8
#2

[eluser]Unknown[/eluser]
isn't it too risky?? what if someone upload not image file... if someone try too hacking with this hole... i don't know what to do about this...
but while I chose the first answer where the file type change to *... thx for sharing...
#3

[eluser]CocoMansur[/eluser]
[quote author="victorche" date="1322829005"]Anyway... The guy, who made some changes in the upload class, gave me a fix for my problem. It appears on Windows machines, when sometimes mime_content_type returns false. And the fix is like this... On line 1058 (/system/libraries/Upload.php):
Code:
$this->file_type = @mime_content_type($file['tmp_name']);
return;
Replace with:
Code:
$this->file_type = @mime_content_type($file['tmp_name']);
if (strlen($this->file_type) > 0) return;
I can not say if this fix is a good solution, but anyway it works great for me. So maybe some of the developers can give us a hint here.

Edit: This is the fix, with the pull request on GitHub from my friend:
https://github.com/EllisLab/CodeIgniter/pull/733[/quote]

Thanks for this fix, this worked for me, i applied the first fix but i was still having problem when uploading a file that is allowed on my config.

I applied the first fix with this fix and now it works.

Thanks. hopefully they will fix this issue on the next version.
#4

[eluser]StickGrinder[/eluser]
Just in case someone else has this error and above solutions don't work:

I'm running CI 2.1 (vanilla) on PHP 5.3.10 - (mod_php, Ubuntu server) and the error persists.
Figured out that in system/libraries/Upload.php, from line 597 the following code

Code:
$ext = strtolower(ltrim($this->file_ext, '.'));

        if ( ! in_array($ext, $this->allowed_types))
        {
            return FALSE;
        }

invariabily fails, since for what I think is a bug in PHP, $ext value before the if statement is correct, while after the if statement (and during it, it seems), it changes.

To check this out try this:

Code:
$ext = strtolower(ltrim($this->file_ext, '.'));

        echo var_dump($ext);

        if ( ! in_array($ext, $this->allowed_types))
        {
            die(var_dump($ext));
            return FALSE;
        }

Changing the variable name to $fext across all class did the trick for me: the value remains untouched.

EDIT: I lied! It fails equally. The ONLY viable solution I found is to use a constant instead. AWFUL solution follows!


Code:
define('ULFEXT', strtolower(ltrim($this->file_ext, '.')));

        if ( ! in_array(ULFEXT, $this->allowed_types))
        {
            return FALSE;
        }

        $ext = ULFEXT;

Thanks PHP. And if someone is thinking about testing out some other framework, my advice is to frog-leap to another language too. Tongue meh.
#5

[eluser]Binod Kumar Luitel[/eluser]
Update to stable version for this issue's fix:
https://github.com/EllisLab/CodeIgniter/tree/2.1-stable
#6

[eluser]Unknown[/eluser]
This is still a problem even with the latest update to Upload.php. I'm using the library to upload document files, no images are allowed.
Code:
$config['allowed_types']  = 'doc|docx|txt|rtf|pdf';

I can upload all but the docx file types. When I dump the contents of
Code:
$this->upload->data()
the file_type always equals '' no matter what type of file is uploaded.

When uploading docx files I get a wrong file type error.
#7

[eluser]Unknown[/eluser]
I as well am still encountering these problems with the latest CI.

In fact, I tried doing
Code:
$config['allowable-types'] = '*';
, so that all filetypes are allowed, but it still complains that my file is not an allowed type.

Edit: I stand corrected, my problems are solved. I am supposed to use
Code:
$config['allowed_types']
, all is well. Cheers
#8

[eluser]Unknown[/eluser]
Had the same problem with not allowing jpgs to be uploaded.

I upgraded to 2.1.2 by just overwriting the system folder and it is working correctly now for me.
#9

[eluser]kanhai[/eluser]
I have tried this with version 2.1.2. It works for jpg files but for some reason it does not work for csv file.

#10

[eluser]InsiteFX[/eluser]
Instead of trying to fix all this by changing the class why not just submit an issue on it to get it fixed the right way?

CodeIgniter Bug Issues




Theme © iAndrew 2016 - Forum software by © MyBB