Changes between Initial Version and Version 1 of Ticket #39550, comment 101
- Timestamp:
- 02/14/2017 11:14:45 PM (8 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #39550, comment 101
initial v1 4 4 > What we don't want to do is make `$mime_to_ext` a blanket whitelist of mime-to-extension possibilities. 5 5 6 Definitely. I'm not suggesting making `$mime_to_ext` a blanket whitelist, but the point of that particular block of code is to try and generate web-able images where it can. That doesn't apply to any file types outside `$mime_to_ext`. Because the outer check ("image/*") is looser than the inner (the `$mime_to_ext` list), anything outside of thatwill be irrevocably failed.6 Definitely. I'm not suggesting making `$mime_to_ext` a blanket whitelist, but the point of that particular block of code is to try and generate web-able images where it can. That doesn't apply to any file types outside `$mime_to_ext`. Because the outer check ("image/*") is looser than the inner (the `$mime_to_ext` list), anything in between will be irrevocably failed. 7 7 8 8 If an upload doesn't match the `$mime_to_ext` list, it is outside the purview of that particular challenge and should be passed down the chain to `finfo` and eventually `upload_mimes`.