Closed rolffujino closed 8 months ago
rolffujino
commented
8 months ago After doing further research, using $_FILES[...]['type'] is considered bad practice, it is "arbitrary, user supplied, best-guess, unreliable": https://www.php.net/manual/en/features.file-upload.php
A possible alternative to this could be: https://www.php.net/manual/en/function.mime-content-type.php
lbr38
commented
8 months ago Hi
Thanks for your suggestion, I will check this out and see to fix this in the next release.
rolffujino
commented
8 months ago @lbr38 is there any sort of ETA on the next release, you seem to be very active, so it looks like it wouldn't be too long. I don't want to pressure you, just that repomanager looks to like it could be a better fit for my debian based infrastructure than Foreman/Katello where they only support RHEL based OS for the server.
Thank you very much for your prompt replies.
lbr38
commented
8 months ago I'm active but it's not my main job, I'm not full time on this project.
I think I can release a fix this weekend ;)
rolffujino
commented
8 months ago This bug is fixed by this pull request that was merged into the devel branch: https://github.com/lbr38/repomanager/pull/123
We are PoCing the solution internally and have run into a blocker where we are unable to upload packages to a local repo.
Packages with the correct MIME type of .deb are failing to be uploaded to repomanager and shown in the image above. This issue persists in Chrome, Edge and Firefox.
I dug through the codebase and determined that repomanager is relying on the filetype from the browser and based on my investigation of the network traffic to repomanager, it does appear the filetype is wrong:
This was from Windows 11.