Forum
In paranoid mode, images not uploading if they have uppercase file extensions
I have a similar problem to the one discussed in this forum thread: https://forum.grabaperch.com/forum/08-24-2017-assets-cannot-upload-file-extension-type
If I try to upload an image with an uppercase file extension (.JPG), it fails. Many of my clients want to upload photos taken on iPhones and iPads, where the default file extension is uppercase .JPG, so this is a serious issue for them. Changing the extension on the same file to lowercase, allows the file to be uploaded - but I don't want my clients to have to manually edit the file extension on all their photos.
I'm using Paranoid mode. If I turn off verification of uploads in config.php, files with uppercase extensions will upload:
define('PERCH_VERIFY_UPLOADS', false);
But presumably there is now no verification at all of uploaded files - I don't feel comfortable setting up all my sites like this.
I believe fileinfo is enabled and working on my hosting account.
A bit more background information:
- I'm using a very simple image template:
<img src="<perch:content type="image" id="image" label="Image" width="960" />" class="cms_image <perch:content id="image_alignment" type="select" label="Choose how to align this image (optional)" options="default align left|, centre|centre, float right|float_right" />" alt="<perch:content type="smarttext" id="alt" label="Description" required="true" help="e.g. Photo of XYZ" title="true" escape="true" />">
- Checked fileinfo is enabled - here's what phpinfo shows:
fileinfo fileinfo support: enabled version 1.0.5 libmagic 522
- To test fileinfo, I uploaded a couple of images by FTP to my server, one with lower case extension and one with uppercase. Then tested fileinfo using this test script:
<?php
$finfo = new finfo;
$file1 = "/home/...ACCOUNT NAME.../public_html/scooter.jpg";
$file2 = "/home/...ACCOUNT NAME.../public_html/sailing.JPG";
$fileinfo1 = $finfo->file($file1, FILEINFO_MIME);
$fileinfo2 = $finfo->file($file2, FILEINFO_MIME);
echo "file 1 is: " . $file1 . "<br>";
echo "fileinfo for file 1: " . $fileinfo1 . "<br>";
echo "file 2 is: " . $file2 . "<br>";
echo "fileinfo for file 2: " . $fileinfo2;
?>
Here's the result:
file 1 is: /home/...ACCOUNT NAME.../public_html/scooter.jpg fileinfo for file 1: image/jpeg; charset=binary file 2 is: /home/...ACCOUNT NAME.../public_html/sailing.JPG fileinfo for file 2: image/jpeg; charset=binary
So it looks like fileinfo is working and is correctly recognising both test images as type image/jpeg even though one has an uppercase file extension.
- filetypes.ini I've added .JPG to the webimage group as follows:
[webimage]
image/gif
image/jpeg
image/jpg
image/JPG
image/png
image/svg+xml
image/webp
Is this even necessary?
I've tried using Asset Manager and also with Asset Manager disabled - neither works
Contacted my hosting provider - Krystal - who are generally pretty switched on. They can't see any problem with how fileinfo is working, but they're happy to investigate further if someone can suggest what they need to do.
Has anyone got this working so images with uppercase extensions will upload in Paranoid mode? I'd be grateful for any help.
Diagnostics:
Perch: 3.0.8, PHP: 7.0.24, MySQL: 10.0.31-MariaDB, with PDO
Server OS: Linux, litespeed
Installed apps: content (3.0.8), assets (3.0.8), categories (3.0.8), perch_forms (1.9.1)
App runtimes: <?php $apps_list = [ 'perch_forms', ]; ?>
PERCH_LOGINPATH: /cms
PERCH_PATH: /home/krystaltestco/public_html/cms
PERCH_CORE: /home/krystaltestco/public_html/cms/core
PERCH_RESFILEPATH: /home/krystaltestco/public_html/cms/resources
Image manipulation: GD
PHP limits: Max upload 100M, Max POST 100M, Memory: 1024M, Total max file upload: 100M
F1: 0c66c2e1f82f9e0b7617b2cb8270f2c7
Resource folder writeable: Yes
HTTP_HOST: krystaltest.test-interact.co.uk
DOCUMENT_ROOT: /home/krystaltestco/public_html
REQUEST_URI: /cms/core/settings/diagnostics/
SCRIPT_NAME: /cms/core/settings/diagnostics/index.php
MIME types aren't related to file extensions, so the case of the file extension has no baring on the case of the MIME type.
We do verify the file name against OWASP recommendations, but that allows for a mix of upper and lowercase characters. The regex used is:
Does that match successfully against your file names?
What does the failure look like?
Apologies for not replying - I was away from work for over a week.
Regex: A sample filename is scooter.JPG, which matches your regex. There's nothing fancy about the filenames - it's just that they won't upload if they have uppercase extensions.
What does failure look like: Using image template shown above, I get "Content successfully updated" message in admin. But no thumbnail displayed. In the front-end of the website, I see the image alt text but no image.
We'll see what we can find out.
I see that Perch has a list of mime types with acceptable extensions at: perch/core/data/mime.types
The line for jpeg images is:
If I amend this to:
images with uppercase extension .JPG will now upload.
I'm assuming this list of extensions is only checked if the site uses Paranoid mode.
I can fix my problem by editing this line. But it will get over-written on updating Perch.
Would you consider amending this core file? Or making the check of the file extension not case-sensitive?
Thanks again.
I think we've made the appropriate change in 3.0.14 for file extensions to be compared in lowercase.
Thanks for the update. I'll check it out when it's available.