joomla-cms
joomla-cms copied to clipboard
joomla
MediaHelper: proper check if file is an image (#42105)
Pull Request for Issue #42105.
Summary of Changes
- Changed
MediaHelper.phpto properly check if the uploaded file is actually an image, instead of assumingtrue.
Testing Instructions
Upload a PDF file to the media library, this should work properly. Uploading images will also still work fine in accordance with previous behavior.
Actual result BEFORE applying this Pull Request
Uploading a PDF fails, providing an unhelpful error to the user. When checking the request in within the browser the message is along the lines of "This is not a valid image".
Expected result AFTER applying this Pull Request
Uploading a PDF works fine, uploading images still follows the previous behavior.
Link to documentations
Please select:
-
[ ] Documentation link for docs.joomla.org:
-
[x] No documentation changes for docs.joomla.org needed
-
[ ] Pull Request link for manual.joomla.org:
-
[x] No documentation changes for manual.joomla.org needed
After some digging it appears that this error occurs if the exif extension is not loaded.
A simple test script to get the MIME type from a blank PDF file yielded this result:
getimagesize: unknown (false)
exif_imagetype: application/octet-stream
Meaning this problem will not occur if the exif extension is loaded, since it will return application/octet-stream. (Which is properly detected further down in the function.)
If exif is not loaded it will fail, since the MediaHelper will assume that the file is always an image and just gives up after trying getimagesize() due to the way the way the if statement within this function is structured.
Some history https://github.com/joomla/joomla-cms/issues/16086
Which should have been fixed with https://github.com/joomla/joomla-cms/pull/16091
Some history #16086
Which should have been fixed with #16091
@brianteeman Yes, but that code has been modified meanwhile. In PR #16091 it was checked if the file name extension is in the allowed list for images, $params->get('image_extensions'), and if that was the case, the static::getMimeType method was called with value true for the $isImage parameter.
That was right, and that's why it worked with that PR.
But later the code was changed so it uses the list of allowed file name extensions for uploads, which can also be e.g. a video or a PDF file:
params->get('restrict_uploads_extensions', 'bmp,gif,jpg,jpeg,png,webp,ico,mp3,m4a,mp4a,ogg,mp4,mp4v,mpeg,mov,odg,odp,ods,odt,pdf,png,ppt,txt,xcf,xls,csv')
The static::getMimeType method then checks with EXIF only when that parameter has value true, but that would fail for a video or PDF file:
https://github.com/joomla/joomla-cms/blob/4e36f775954e62fa3dde7083ae0c79f144544944/libraries/src/Helper/MediaHelper.php#L92-L96
So to me the change made by this PR here seems to be right. It replaces the hard-coded true value by the result of the static::isImage call, which does nothing else than checking the file name extension again for valid values for images.
I have tested this item :white_check_mark: successfully on fde2fe859c7fec019fe2af2588f60dad79f23663
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/43345.
Uploading a PDF fails, providing an unhelpful error to the user
The fix for unhelpful message is there https://github.com/joomla/joomla-cms/pull/38536
Hm, the getMimeType() should not care about isImage, it should read the file mime for any file, regardless its type.
But that another issue.
As for now the PR is okay.
I have tested this item :white_check_mark: successfully on fde2fe859c7fec019fe2af2588f60dad79f23663
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/43345.
r2c
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/43345.
