- Hungary mxr576 Hungary
Maybe it is time to get back to this issue after file handling related APIs have improved in core recently.
- France prudloff Lille
We could have a look at how WordPress handles this: https://developer.wordpress.org/reference/functions/wp_check_filetype_an...
They maintain a list of file extensions and corresponding MIME types. (This list can be altered with hooks.)
When a file is uploaded, its MIME type is detected with fileinfo and WP checks if this type is allowed in the current context. If there is a mismatch between the type and the extension, the file is renamed to use the proper extension for the detected type.
So I guess we could do something similar: use FileinfoMimeTypeGuesser to check the MIME type and then use our MIME type mapping to check if it corresponds to an allowed file extension.
- Australia kim.pepper Sydney, Australia
See also: Separate MIME type mapping from ExtensionMimeTypeGuesser (Needs work)
Not sure about the automatic extension change tho.
- France prudloff Lille
> Not sure about the automatic extension change tho.
I agree, we could simply refuse the file if the detected content type does not match an allowed extension.
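The check discussed in the comments above (detect the content type with fileinfo, then refuse the file when the type is not allowed or does not match the extension), as an added example that is not part of the thread and is not Drupal or WordPress code. It calls PHP's `finfo` directly; the `ALLOWED_TYPES` map, the `validate_upload()` helper and the sample files are hypothetical, and treating `application/octet-stream` as undetermined is an assumption of this sketch.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: detected MIME type => extensions accepted for it.
const ALLOWED_TYPES = [
    'image/png'  => ['png'],
    'image/jpeg' => ['jpg', 'jpeg'],
    'text/plain' => ['txt'],
];

/**
 * Returns null when the upload is acceptable, or a rejection reason.
 * $path is the temporary file, $clientName the client-supplied filename.
 */
function validate_upload(string $path, string $clientName): ?string
{
    // Sniff the type from the file content, never from the client's name.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    // Assumption: a failed detection and the generic fallback are both refused.
    if ($detected === false || $detected === 'application/octet-stream') {
        return 'content type could not be determined';
    }
    if (!isset(ALLOWED_TYPES[$detected])) {
        return "content type $detected is not allowed";
    }
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_TYPES[$detected], true)) {
        return "extension .$ext does not match detected type $detected";
    }
    return null;
}

// Constructed sample inputs: a minimal PNG header and a PHP script.
$ihdr = 'IHDR' . pack('NNCCCCC', 1, 1, 8, 2, 0, 0, 0);
$png = "\x89PNG\r\n\x1a\n" . pack('N', 13) . $ihdr . pack('N', crc32($ihdr));
$samples = [
    ['photo.png', $png],                     // content and extension agree
    ['photo.png', "<?php echo 'hello';\n"],  // script behind an image name
    ['notes.txt', $png],                     // allowed type, wrong extension
];

foreach ($samples as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    printf("%-10s %s\n", $name, validate_upload($tmp, $name) ?? 'accepted');
    unlink($tmp);
}
```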
- Australia kim.pepper Sydney, Australia
Currently we default to application/octet-stream if we can't determine the mime type. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/MIME_types#appl...
> Any kind of binary data that doesn't fall explicitly into one of the other types;
- France andypost
Related is committed: Separate MIME type mapping from ExtensionMimeTypeGuesser (Needs work)