Change Mahara's content-sniffing to match the WHATWG standard
Bug #1564715 reported by
Aaron Wells
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mahara |
Confirmed
|
Wishlist
|
Unassigned | ||
Bug Description
WHATWG (Web Hypertext Application Technology Working Group) is basically the official specification organization for HTML5. They've written up some specifications about the correct & secure way that HTTP clients & servers ought to deal with file content types aka MIME types: https:/
Revision history for this message
| Aaron Wells (u-aaronw) wrote | #1 |
| Changed in mahara: | |
| milestone: | none → 16.10.0 |
| status: | New → Confirmed |
| Changed in mahara: | |
| milestone: | 16.10.0 → 16.10.1 |
| Changed in mahara: | |
| milestone: | 16.10.1 → 17.04.0 |
| Changed in mahara: | |
| importance: | Undecided → Medium |
| milestone: | 17.04.0 → 17.10.0 |
| Changed in mahara: | |
| milestone: | 17.10.0 → 18.04.0 |
| Changed in mahara: | |
| milestone: | 18.04.0 → 18.10.0 |
| Changed in mahara: | |
| milestone: | 18.10.0 → 19.04.0 |
| Changed in mahara: | |
| importance: | Medium → Wishlist |
| milestone: | 19.04.0 → none |
To post a comment you must log in.
For comparison, Mahara's current system is basically:
1. Examine the file suffix of the file and see if it matches one in our list
2. If that doesn't work, try it using the PHP finfo() command (which relies on libmagic's "magicdb" file)
3. If finfo is not available, or we can't find the magicdb file, try it using the PHP mime_content_type() command (which relies on the system's "magic.mime" file.
4. If that doesn't work, return the generic "application/
We also try to mitigate the possible threat posed by incorrect Mimetypes, by adding "Content-