search

yiisoft / yii2

Yii 2: The Fast, Secure and Professional PHP Framework
http://www.yiiframework.com
BSD 3-Clause "New" or "Revised" License
14.22k stars 6.92k forks source link

Allow multiple mime types per extension in file validation #20207

Open skepticspriggan opened 1 month ago

skepticspriggan commented 1 month ago

What steps will reproduce the problem?

The majority of files have only one mime type per extension, however, some files do have different mime types per extension.

For example, I have come across .msg files with mime type application/vnd.ms-office or application/vnd.ms-outlook. Another case is .eml files with mime type message/rfc822 or text/plain. Unfortunately, I cannot enclose these emails since it would breach confidentiality.

When these files are validated, one of the files will be unintentionally marked as invalid.

The check can be disabled by setting the checkExtensionByMimeType property of framework/validators/FileValidator to false, however, this is less safe.

What is the expected result?

FileValidator supports multiple mime types per extension when checkExtensionByMimeType is enabled.

What do you get instead?

FileValidator does not support multiple mime types per extension.

Additional information

The values of the array in framework/helpers/mimeTypes.php will be allowed to be an array of strings by adjusting framework/validators/FileValidator.php#L386-L397.

Q A
Yii version 2.0.50
PHP version NA
Operating system NA
skepticspriggan commented 1 month ago

I am willing to contribute this feature if you are open to support it.

terabytesoftw commented 1 month ago

If it is a valid case, if the implementation is not BC, there would be no problem.