search

Blobfolio / righteous-mimes

A comprehensive MIME and file extension tool for PHP. Finally!
Do What The F*ck You Want To Public License
2 stars 0 forks source link

DMG files rejected for security reasons #3

Closed rread closed 3 years ago

rread commented 3 years ago

I have enabled the dmg extension using wp-extra-file-types, however, I still get "for security reasons" error. The error message in the blog-mime debugger is "Error: The file type could not be determined.". Is there another place file types is being checked after uploading? 

VALIDATION:
  Naive Name: CroptPlugin.dmg
  Naive Extension: dmg
  Naive Type: application/x-apple-diskimage
  Magic Type: application/zlib
  Best Type: 

FINAL:
  Name: CroptPlugin.dmg
  Extension: 
  Type: 
  Code: 64

SYSTEM:
  Kernel: Linux ip-172-26-12-143 4.19.0-9-cloud-amd64 #1 SMP Debian 4.19.118-2+deb10u1 (2020-06-07) x86_64
  PHP: 7.3.18
  Modules: Core; PDO; Phar; Reflection; SPL; SimpleXML; Zend OPcache; bcmath; bz2; calendar; cgi-fcgi; ctype; curl; date; dom; exif; fileinfo; filter; ftp; gd; gettext; gmp; hash; iconv; imagick; imap; intl; json; ldap; libxml; mbstring; mysqli; mysqlnd; openssl; pcntl; pcre; pdo_mysql; pdo_sqlite; posix; readline; session; soap; sockets; sqlite3; standard; tidy; tokenizer; xml; xmlreader; xmlrpc; xmlwriter; xsl; zip; zlib
  WordPress: 5.5.3
  Plugins:  [1.7.2]; 99robots-header-footer-code-manager [1.1.8]; blob-mimes [1.1.9]; elementor [3.0.13]; elementor-pro [3.0.6]; fastspring [3.0.0]; rank-math [1.0.52.2]; wp-extra-file-types [0.4.4.1]; wp-mail-smtp [2.5.1]; wp-statistics [12.6.13]
  Theme: hello-elementor [2.3.0]
joshstoik1 commented 3 years ago

Thanks for the report, @rread!

I tested a few miscellaneous .dmg files under a few different PHP environments, and all of them came up application/zlib as well, presumably because that's how the archives are actually compressed.

Anyhoo, I updated the alias list accordingly and pushed a new Lord of the Files release (1.2.0).

When you have a moment, would you please upgrade the plugin and try your file again? If the update did the trick, let me know and I'll close out this ticket. :smile:

rread commented 3 years ago

Thanks, @joshstoik1, that was fast. I updated to 1.2 and confirmed the fix. I can upload disk images now, so all good.

joshstoik1 commented 3 years ago

Woo! Thank you for reporting back so quickly. :wink: