• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
File Upload Class - MIME type detection error - 2.1.0

#1
[eluser]Unknown[/eluser]
There is a bug with the File Upload Class in the _file_mime_type function.

1. Uploading any image with the following config would generate the error 'The filetype you are attempting to upload is not allowed.':

Code:
$config = array(
'upload_path' => './uploads/',
'allowed_types' => 'gif|jpg|png'
);
  
$this->load->library('upload', $config);


2. Changing 'allowed_types' to '*' allows the file to be uploaded, however the upload data array ( $this->upload->data() ) contains an error:

Code:
[file_type] => cannot open `' (no such file or directory)

3. Looking at system/libraries/Upload.php , Line 1058 tries to use an array value that does not exist.

Code:
@exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code);

Changed to:

Code:
@exec('file --brief --mime-type ' . escapeshellarg($file['tmp_name']), $output, $return_code);

This seems to detect the proper MIME type.

----

System Info: PHP 5.2.11 (MAMP 1.0) - Mac OS X 10.6.8

#2
[eluser]Unknown[/eluser]
isn't it too risky?? what if someone upload not image file... if someone try too hacking with this hole... i don't know what to do about this...
but while I chose the first answer where the file type change to *... thx for sharing...

#3
[eluser]CocoMansur[/eluser]
[quote author="victorche" date="1322829005"]Anyway... The guy, who made some changes in the upload class, gave me a fix for my problem. It appears on Windows machines, when sometimes mime_content_type returns false. And the fix is like this... On line 1058 (/system/libraries/Upload.php):
Code:
$this->file_type = @mime_content_type($file['tmp_name']);
return;
Replace with:
Code:
$this->file_type = @mime_content_type($file['tmp_name']);
if (strlen($this->file_type) > 0) return;
I can not say if this fix is a good solution, but anyway it works great for me. So maybe some of the developers can give us a hint here.

Edit: This is the fix, with the pull request on GitHub from my friend:
https://github.com/EllisLab/CodeIgniter/pull/733[/quote]

Thanks for this fix, this worked for me, i applied the first fix but i was still having problem when uploading a file that is allowed on my config.

I applied the first fix with this fix and now it works.

Thanks. hopefully they will fix this issue on the next version.

#4
[eluser]StickGrinder[/eluser]
Just in case someone else has this error and above solutions don't work:

I'm running CI 2.1 (vanilla) on PHP 5.3.10 - (mod_php, Ubuntu server) and the error persists.
Figured out that in system/libraries/Upload.php, from line 597 the following code

Code:
$ext = strtolower(ltrim($this->file_ext, '.'));

        if ( ! in_array($ext, $this->allowed_types))
        {
            return FALSE;
        }

invariabily fails, since for what I think is a bug in PHP, $ext value before the if statement is correct, while after the if statement (and during it, it seems), it changes.

To check this out try this:

Code:
$ext = strtolower(ltrim($this->file_ext, '.'));

        echo var_dump($ext);

        if ( ! in_array($ext, $this->allowed_types))
        {
            die(var_dump($ext));
            return FALSE;
        }

Changing the variable name to $fext across all class did the trick for me: the value remains untouched.

EDIT: I lied! It fails equally. The ONLY viable solution I found is to use a constant instead. AWFUL solution follows!


Code:
define('ULFEXT', strtolower(ltrim($this->file_ext, '.')));

        if ( ! in_array(ULFEXT, $this->allowed_types))
        {
            return FALSE;
        }

        $ext = ULFEXT;

Thanks PHP. And if someone is thinking about testing out some other framework, my advice is to frog-leap to another language too. Tongue meh.

#5
[eluser]Binod Kumar Luitel[/eluser]
Update to stable version for this issue's fix:
https://github.com/EllisLab/CodeIgniter/tree/2.1-stable

#6
[eluser]Unknown[/eluser]
This is still a problem even with the latest update to Upload.php. I'm using the library to upload document files, no images are allowed.
Code:
$config['allowed_types']  = 'doc|docx|txt|rtf|pdf';

I can upload all but the docx file types. When I dump the contents of
Code:
$this->upload->data()
the file_type always equals '' no matter what type of file is uploaded.

When uploading docx files I get a wrong file type error.

#7
[eluser]Unknown[/eluser]
I as well am still encountering these problems with the latest CI.

In fact, I tried doing
Code:
$config['allowable-types'] = '*';
, so that all filetypes are allowed, but it still complains that my file is not an allowed type.

Edit: I stand corrected, my problems are solved. I am supposed to use
Code:
$config['allowed_types']
, all is well. Cheers

#8
[eluser]Unknown[/eluser]
Had the same problem with not allowing jpgs to be uploaded.

I upgraded to 2.1.2 by just overwriting the system folder and it is working correctly now for me.

#9
[eluser]kanhai[/eluser]
I have tried this with version 2.1.2. It works for jpg files but for some reason it does not work for csv file.


#10
[eluser]InsiteFX[/eluser]
Instead of trying to fix all this by changing the class why not just submit an issue on it to get it fixed the right way?

CodeIgniter Bug Issues


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.