Open forreggbor opened 7 years ago
What behaviour did you expect?
In my opinion the mime type verification is different than the file extension verification. I can write any kind of extension into a file name but the real content doesn't change. With mime type check the content shuold be checked. So what I expect is that if the form accept only JPG file I wouldn't be able to upload any other type of file with .jpg extension.
That is the expected behaviour but it depends on capabilities of the browser. Which browser did you use?
Google Chrome 59
and I just did a test in Firefox 54. Same result. I can upload ANY kind of file if I rename the extension to .jpg. I just uploaded an .xls file with .jpg extension and worked. The validation filter out the file only if the extension is not .jpg. It looks like the mime type validation doesn't work at all but rather works like an extension validation. Could it be possible or am I do somwthing wrong?
I did one more test with IE11. Same result. Summary of the my tests: Chrome 59, Firefox 54 on Linux and Windows 7 and 10: FAIL IE11 on Windows 7: FAIL
Great, I'll look into it 👍
You simply can't trust the mime type reported by the browser. https://stackoverflow.com/questions/1201945/how-is-mime-type-of-an-uploaded-file-determined-by-browser
I'll mark this as an improvement request since this validator actually can inspect the bytes of the file to determine the correct mime type (more can be read about this subject here: https://stackoverflow.com/questions/18299806/how-to-check-file-mime-type-with-javascript-before-upload)
If I rename a PNG file's extension from .png to .jpg and using the following input field to validate then it accept as valid JPG file. If I rename back to .png then it refuse as it is not a jpg. I attached the PNG file.
<input type="file" data-validation="mime" data-validation-allowing="jpg" name="dailyfile" id="dailyfile" class="dailyfile_input form-control">