Mime-type recognition fails for file uploads when Mahara behind reverse proxy
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
High
|
Richard Mansfield | ||
1.2 |
Fix Released
|
High
|
Richard Mansfield |
Bug Description
When Mahara is hosted behind a reverse proxy, files uploaded are not recognized as their proper types. For example: if I go to "My Portfolio" and "My Files" to upload an gzip file, the file will upload properly but will not be properly recognized as being an archive. The result is that the generic file icon is used and the "Unzip" link is not displayed.
After looking at the code, I can see that Mahara is depending on the browser to send the proper mime-type when the file is uploaded. In our case, this value is being set to a generic value (application/
public static function new_archive($path, $data) {
if (!isset(
return self::archive_
}
$validtypes = self::archive_
if (isset(
return self::archive_
}
return false;
}
This code checks for a mime-type first (sent by the browser) and if it finds one, assumes that it is correct. Perhaps it would be better if the code tried to determine the mime-type using the file extension in the case where the browser sends "application/
public static function new_archive($path, $data) {
if (!isset(
return self::archive_
}
if ($data->filetype == "application/
$result = self::archive_
return $result;
}
$validtypes = self::archive_
if (isset(
return self::archive_
}
return false;
}
When I make this change, everything works properly for me.
Changed in mahara: | |
assignee: | nobody → Richard Mansfield (richard-mansfield) |
milestone: | none → 1.3.0 |
Changed in mahara: | |
importance: | Undecided → High |
status: | New → In Progress |
Changed in mahara: | |
status: | In Progress → Fix Committed |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
Hi Damien,
Your patch looks fine, I haven't actually applied it though, because I needed to fix this in another way, and I thought it best to avoid messing around trying to open up every single file with zip_read, etc. to see if it's a zip/tar archive.
There are lots of complaints on the forums about the mime_content_type function not being available, and that's what we were using to guess mimetypes when the browser was giving us nothing. I've hopefully done a better job this time by testing every uploaded file first with PHP's fileinfo, then using mime_content_type, and then if that fails, making a guess based on the filename extension.
So I'm hoping now (current head of master and 1.2.x) that archives, images, and other kinds of files will be recognised more reliably as soon as they're uploaded, even when your reverse proxy is being unkind.
Richard