File Upload Class ignoring config [solved] -CI Upload class function is_image() ignores mimes.php

[eluser]Chris Newton[/eluser]

Code:

$config['allowed_types'] = 'png';
$config['max_size']    = '1000';
$config['max_width']  = '10';
$config['max_height']  = '10';
        
$this->load->library('upload',$config);

So, when I upload a 100x100px JPG, no errors are displayed, even though the file's of the wrong type, and sizes are incorrect.

When I upload a 1011 kb file, the max_size error is reported.... so... why is one type error reported, and not the other?

[eluser]Chris Newton[/eluser]
It's not ignoring config. GD2 (or whatever that image library is) doesn't identify application/octet-stream as an image, and so is not gathering the width, height, etc, therefore silently failing.

Now I'll have to figure out how to make GD2 recognize application/octet-stream as an image format..., or something.

[eluser]Chris Newton[/eluser]
The upload class uses a function called: is_image() to ascertain whether or not something is a PNG or JPG or GIF. That function contains its own mime descriptors, rather than using those set in mimes.php. In my case, I was using application/octet-stream (because swfupload sets that as the filetype for uploads) in the mimes.php file, which was getting ignored by the is_image function... therefore it wasn't returning any image data, because the upload class didn't think my file was an image.

[eluser]Chris Newton[/eluser]

Code:

<?php if (!defined('BASEPATH')) exit('No direct access allowed.');
/*****
  * This class extends the upload class to correctly pass mime types from mimes.php to is_image function
  * @author     Chris Newton
  * @email      [email protected]
  * @filename   MY_Upload.php
  * @title      is_image correction
  * @url        http://barrettnewton.com
  * @version    1.0
  *****/
class MY_Upload extends CI_Upload{
    function __construct() {
        parent::CI_Upload();
    }
    function is_image()
    {
        // IE will sometimes return odd mime-types during upload, so here we just standardize all
        // jpegs or pngs to the same file type.

        //$png_mimes  = array('image/x-png');
        //$jpeg_mimes = array('image/jpg', 'image/jpe', 'image/jpeg', 'image/pjpeg','application/octet-stream');
        $png_mimes=$this->mimes_types('png');
        $jpg_mimes=$this->mimes_types('jpg');
        $jpeg_mimes=$this->mimes_types('jpeg');
    
        if (in_array($this->file_type, $png_mimes))
        {
            $this->file_type = 'image/png';
        }
    
        if (in_array($this->file_type, $jpeg_mimes)||in_array($this->file_type, $jpg_mimes))
        {
            $this->file_type = 'image/jpeg';
        }

        $img_mimes = array(
                            'image/gif',
                            'image/jpeg',
                            'image/png',
                           );

        return (in_array($this->file_type, $img_mimes, TRUE)) ? TRUE : FALSE;
    }
}
?>

[eluser]Chris Newton[/eluser]
Derek Jones considers the current implementation correct for security purposes:

quote:

"Validating an image based on application/octet-stream is rather dangerous. is_image() uses its own qualifiers based on real-world needs of browsers and security for uploading images.

I would recommend in your case that you extend the Upload class and replace is_image() with your own method if you wish to be more liberal with what you accept as being a valid image."

If you plan to use SWFUPLOAD and want to attempt to validate width, height, etc of the uploaded file, you'll need to use the upload extension above to use mime types set in mimes.php, or hardcode your own mimetypes to suit.

[eluser]kallus[/eluser]
I wrote some code that uses fileinfo to give files with mime type application/octet-stream a more specific mime type, maybe someone finds it useful. http://ellislab.com/forums/viewthread/81308/

[eluser]hybriid[/eluser]
just in case anyone else is stuck with the error "path does not appear to be valid"...look here http://ellislab.com/forums/viewthread/80481/

[eluser]mglinski[/eluser]
Same problem with me like 4 months ago. Fixed the issue in 10 mins, just override the is_image function and insert your own.
-Matt

[eluser]Chris Newton[/eluser]
Right... which is what I did. Above.