Description
Describe the bug
if i try to upload a docx file with this code:
helper(['form', 'url']);
if (isset($_FILES['file-1'])) {
$strInputFileName = "file-1";
} else {
$strInputFileName = "file-2";
}
$input = $this->validate([
'file' => [
'uploaded['.$strInputFileName.']',
'mime_in['.$strInputFileName.',image/jpg,image/jpeg,image/png,application/pdf,application/msword,application/msword,application/excel,application/x-excel,application/vnd.openxmlformats-officedocument.wordprocessingm,application/octet-stream,application/vnd.openxmlformats-officedocument.wordprocessingml.document,application/vnd.openxmlformats-officedocument.spreadsheetml.sh,application/vnd.ms-excel,application/vnd.openxmlformats-officedocument.spreadsheetml.sheet]',
'max_size['.$strInputFileName.',25048000]',
]
]);
if (!$input) {
$data = array('error' => "Errore: Non è possibile salvare il file nel sistema. Controllare dimensioni massime e estensione dello stesso: ".print_r($_FILES['file-1'], true));
echo json_encode($data);
} else {
if($files = $this->request->getFiles())
{
foreach($files[$strInputFileName] as $file)
{
if ($file->isValid() && ! $file->hasMoved())
{
$mime_file = $file->getMimeType();
$newName = $file->getRandomName();
$file->move(WRITEPATH.'uploads', $newName);
$name = $file->getName();
echo json_encode(array("data" => $name));
} else {
$data = array('error' => "Errore: Tipo file non valido, il file è stato rimosso.");
echo json_encode($data);
}
}
} else {
$data = array('error' => "Errore: Nessun file inviato. Riprovare nuovamente.");
echo json_encode($data);
}
}the extection of the new filename generated with $file->getRandomName() is .csv
if i try to get mimetype with $file->getMimeType(); it return right: application/vnd.openxmlformats-officedocument.wordprocessingml.document but in getRandomName() the mimetype detected is: application/octet-stream
i think that the problem is here: vendor\codeigniter4\framework\system\HTTP\Files\UploadedFile.php
/**
* Attempts to determine the best file extension.
*
* @return string|null
*/
public function guessExtension(): string
{
return Mimes::guessExtensionFromType($this->getClientMimeType(), $this->getClientExtension()) ?? $this->getClientExtension();
}For now i resolve in a dummy mode.
I have added this mimetype: application/octet-stream in this file: app\Config\Mimes.php in every extension that now don't work. But in this way there is no securoty
CodeIgniter 4 version
Version 4.0.4
Affected module(s)
CodeIgniter\Files;
Expected behavior, and steps to reproduce if appropriate
Simple try to upload a docx file and than randomize the name. The name will be .csv and not .docx
Excpected: a random name with .docx in extension.
Context
- OS: [Windows 10]
- Web server [Apache]
- PHP version [7.3.*]
Activity