Closed Dreytac closed 6 years ago
Thanks for the PR. However I think this shouldn't be fixed in this method as a check for tmp
is weirdly specific for the general-use mime type method. Instead we should probably fix this directly in the upload method. I have noted this for Kirby 3.
I noticed avatars weren't uploading on a Windows web server due to the "image" type not being returned despite MIME checking returning "image/**" correctly. I narrowed it down to Windows returning ".tmp" as the filename for the upload instead of the actual filename.
This is maybe a possible solution. Allowing MIME type checking on "tmp" files then allows Windows web servers to correctly categorise the file. I don't believe this lowers security at all because the actual MIME type check has to be performed.