CsvMimeDetector plugin results in false positives

Created on 13 November 2024, 9 days ago

Problem/Motivation

It appears that the csv_mimedetector (\Drupal\mimedetect\Plugin\MimeDetector\CsvMimeDetector) plugin will return 'text/csv' for at least some files that are not CSV files.

I know this module is not exactly being maintained anymore, but I thought I'd create this issue so that others can benefit.

Steps to reproduce

Download the attached basic.hta_.csv file
Enable mimedetect
Upload into your Drupal appliaction
Note that the file is accepted instead of rejected by mimedetect

Proposed resolution

We need a better method to detect CSV files, or the plugin should be removed in favor of PHP file info or the UNIX File command. Those methods are reliably detecting that the included basic.hta_.csv file is not in fact a CSV file.

For our web apps, we are using hook_mime_detector_info_alter to remove the plugin:

function mymodule_mime_detector_info_alter(array &$info) {
  if (isset($info['csv_mimedetector'])) {
    unset($info['csv_mimedetector']);
  }  
}

🐛 Bug report

Status

Active

Version

1.0

Component

Code

Created by

🇺🇸United States JonMcL Brooklyn, NY

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @JonMcL
Comment 9 days ago →
🇺🇸United States JonMcL Brooklyn, NY
Comment 9 days ago →
🇺🇸United States JonMcL Brooklyn, NY

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024