[pmwiki-devel] $EnableUploadMimematch and "Call to undefined function mime_content_type()"

Petko Yotov 5ko at 5ko.fr
Sat Jan 13 21:49:31 PST 2024 

To elaborate, the mime_content_type() function checks the file 
structure:

* GPX and SVG are both actually in the XML file format, so it is normal 
that such a file may be detected as XML.

* DOCX, ODT, XPI, are actually zip-compressed archives, so some 
installations might detect them as ZIP.

* DOC, DOCX, RTF, and PDF, are totally different file formats and one 
cannot be mistakenly detected as another one, even if LibreOffice will 
open them all. This is actually why I need this, because I tell users to 
upload PDFs and they just rename a DOC file to the wrong PDF extension. 
Then the file cannot be indexed, compressed, and shown in the PDF 
viewer.

* PNG is totally different from JPEG, one is NOT a variant or subset of 
the other and one CANNOT be mistakenly detected as the other. A desktop 
picture viewer may show them correctly, as well as the browser, but 
other programs may complain or fail, for example Thumblist and Mini.

I wouldn't advise to allow misnamed JPEG files with the PNG extension.

Petko

On 14/01/2024 07:03, Petko Yotov wrote:
> On 14/01/2024 02:14, Simon wrote:
>> Just further on this,
>> it seems there may be potential issues with other file types with this
>> check,
>> e.g. today I got the message
>> "_map.png_: extension 'png' doesn't match file type 'image/jpeg'"
>> In upload.php we see "'png' => 'image/png'"
> 
> Oh, in this case I suspect that was a JPEG file with the wrong PNG
> extension, and it worked as designed.
> 
> Petko
> 
>> On Wed, 27 Dec 2023 at 00:07, Petko Yotov <5ko at 5ko.fr> wrote:
>> 
>>> Thanks for the report, there was an omission in DDMU, should be
>>> fixed in
>>> 20231226, please update both ddmu.php and ddmu.js.
>>> 
>>> Unlike the core upload form, DDMU did not report the detected MIME
>>> type.
>>> Version 20231226 does, when you place the mouse over the failed file
>>> 
>>> name, it says "extension 'gpx' doesn't match file type 'text/xml'".
>>> 
>>> The detected MIME type for a GPX file appears to be text/xml. So to
>>> allow this alternative MIME type, place the following in config.php:
>>> 
>>> $EnableUploadMimeMatch = array(
>>> 'gpx'=>'!^(text/xml)$!',
>>> );
>>> 
>>> Instead of $EnableUploadMimeMatch = 1;
>>> 
>>> Alternatively, you could technically define:
>>> 
>>> $UploadExts['gpx'] = 'text/xml'; # avoid this
>>> 
>>> ...but I suspect this might cause problems when
>>> $EnableDirectDownload is
>>> disabled and the attached GPX files are used to draw lines on maps.
>>> 
>>> Petko
>>> 
>>> On 26/12/2023 10:59, Simon wrote:
>>>> in config.php I have
>>>> $UploadExts['gpx'] = 'application/gpx+xml';
>>>> and am using $EnableUploadMimeMatch
>>>> 
>>>> Now when I try to upload (a properly formed) .gpx file
>>>> DDMU gives the message 'extension "doesn't match the file type"'
>>>> (which means the check is now being called and is returning a
>>> message)
>>>> 
>>>> is there any way to determine, or to have included in the error
>>>> message, what the expected mime type is?
>>>> While many [3] references [4] on the internet state the above
>>>> (application/gpx+xml) is the mime type for .gpx files
>>>> MIME File Type Checker - HTMLStrip [5] suggests it it "text/xml",
>>> but
>>>> I think that is because it doesn't know about.gpx files
>>>> 
>>>> Others are suggested here [6].
>>>> Is it possible to add multiple values to $UploadExts?
>>>> OTOH the PmWiki documentation [1] suggests that
>>>> 
>>>> $EnableUploadMimeMatch = array(
>>>> 'csv'=>'!^(text/plain|application/csv)$!',
>>>> 'docx'=>'!^(application/encrypted)$!',
>>>> );
>>>> 
>>>> is the way to manage this issue.
>>>> 
>>>> thanks
>>>> 
>>>> Simon
>>>> 
>>>> PS
>>>> PHP: mime_content_type - Manual [7] seems to suggest the
>>>> svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
>>> [1] [3] is
>>>> the source of PHP mime types.
>>>> 
>>>> On Mon, 25 Dec 2023 at 18:57, Petko Yotov <5ko at 5ko.fr> wrote:
>>>> 
>>>>> On 25/12/2023 07:20, Simon wrote:
>>>>>> My feeling is that all uploads should be denied.
>>>>> ...
>>>>>> for safety and visibility reasons I support denying uploads
>>>>> 
>>>>> Agreed, enabled for 2.3.30, and added a new upload error message.
>>>>> 
>>>>>> When using DragDropMultiUpload the upload never finished and
>>>>>> never faulted, it just hung.
>>>>>> Is there any possibility of making this visible to the user?,
>>> e.g.
>>>>>> DDMU fail with an error,
>>>>> 
>>>>> Yes, the code I committed for 2.3.30, and the prerelease, should
>>>>> show
>>>>> the message in DDMU.
>>>>> 
>>>>> Petko
>>>>> 
>>>>>> On Mon, 25 Dec 2023 at 10:48, Petko Yotov <5ko at 5ko.fr> wrote:
>>>>>> 
>>>>>>> Apparently on Windows you need to enable the Fileinfo functions
>>>>> in
>>>>>>> php.ini, see:
>>>>>>> 
>>>>>>> https://www.php.net/manual/en/fileinfo.installation.php
>>>>>>> 
>>>>>>> I have now documented this on the UploadVariables page.
>>>>>>> 
>>>>>>> What should PmWiki do if $EnableUploadMimeMatch is enabled but
>>>>> not
>>>>>>> Fileinfo?
>>>>>>> 
>>>>>>> - Act as if $EnableUploadMimeMatch is not enabled. This would
>>>>> work
>>>>>>> as it
>>>>>>> did before, other checks will be done.
>>>>>>> 
>>>>>>> - Deny all uploads, since none can be checked.
>>>>>>> 
>>>>>>> What do you think?
>>>>>>> 
>>>>>>> Petko
>>>>>>> 
>>>>>>> On 24/12/2023 21:28, Simon wrote:
>>>>>>>> Some time ago I enabled $EnableUploadMimematch [1]
>>>>>>>> 
>>>>>>>> Recently I see
>>>>>>>> 
>>>>>>>> [25-Dec-2023 08:25:00 Pacific/Auckland] PHP Fatal error:
>>>>> Uncaught
>>>>>>>> Error: Call to undefined function mime_content_type() in
>>>>>>>> D:\Home\KiwiWiki\pmwiki\scripts\upload.php:405
>>>>>>>> Stack trace:
>>>>>>>> #0 D:\Home\KiwiWiki\pmwiki\scripts\upload.php(317):
>>>>>>>> UploadVerifyBasic()
>>>>>>>> #1 D:\Home\KiwiWiki\pmwiki\pmwiki.php(546): HandlePostUpload()
>>>>>>>> #2 D:\Home\KiwiWiki\pmwiki\pmwiki.php(533): HandleDispatch()
>>>>>>>> #3 {main}
>>>>>>>> thrown in D:\Home\KiwiWiki\pmwiki\scripts\upload.php on line
>>> 405
>>>>>>>> 
>>>>>>>> just wondering if anyone had an idea why?
>>>>>>>> 
>>>>>>>> and seasons holiday's greetings from the summery south
>>>>>>>> 
>>>>>>>> Simon
>>>>>>>> 
>> 
>> 
>> Links:
>> ------
>> [1] 
>> http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types

More information about the pmwiki-devel mailing list