garlik-gag/dokuwiki-plugin-odt2dw

check for mime type is too specific

mprins opened this issue · 2 comments

On Windows XP using Google Chrome version 19.0.1084.56 m, the upload form is sent with application/octetstream as mime type; this causes the check for mime type (https://github.com/garlik-gag/dokuwiki-plugin-odt2dw/blob/master/odt2dw/action.php#L284) to fail, as it only checks for application/vnd.oasis.opendocument.text.

Apparently Chrome on Windows does not know about .odt. I have not tested other browsers, but when I comment out this line the upload and processing succeeds.

I think it would be good to check for application/octetstream as well and consider this valid (even though this opens the door for other types of files, on Windows the mime type is only determined by the file extension so people can upload anything invalid anyway). The other option may be to make this a config option.

Hi, thanks for your feedback, translations and corrections.

I am replacing the mimetype control with a config option string and a strpos control.

About security, there are other controls which verify that we are dealing with an odt file or something like an odt file (it's a zip file with a content.xml file ...). If it is not, the file will be deleted.

I am making some changes and adding a security rule:

  • someone who can't upload files can't store the file in the wiki (it is just parsed as a wiki page without pictures and other attached files).

I will upload the new version tonight.

Yeah, I'm not too worried about wrong/invalid uploads either.
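The thread's point is that the browser-supplied mime type cannot be relied on, so the file's contents have to decide. The following is an added example, not the plugin's code, of a content check of the kind described above (a zip file with a content.xml file). The function name, the constants, the size cap and the extra check of the package's `mimetype` entry are assumptions that go beyond what the thread states.

```php
<?php
// Added example; not taken from dokuwiki-plugin-odt2dw. All names are hypothetical.
const ODT_MIME = 'application/vnd.oasis.opendocument.text';
const MAX_CONTENT_XML = 20 * 1024 * 1024; // assumed cap on uncompressed content.xml

/** Returns true only if $path is a ZIP archive that looks like an ODT package. */
function looks_like_odt(string $path): bool
{
    $zip = new ZipArchive();
    if ($zip->open($path) !== true) {
        return false; // not a readable ZIP, whatever the client claimed
    }
    try {
        // ODF packages declare their media type in a "mimetype" entry.
        $declared = $zip->getFromName('mimetype');
        if ($declared === false || trim($declared) !== ODT_MIME) {
            return false;
        }
        // content.xml must exist; check its declared size before anything reads it.
        $stat = $zip->statName('content.xml');
        if ($stat === false || $stat['size'] > MAX_CONTENT_XML) {
            return false;
        }
        return true;
    } finally {
        $zip->close();
    }
}

// Constructed sample inputs: a minimal ODT-like package and a renamed text file.
$good = tempnam(sys_get_temp_dir(), 'odt');
$zip = new ZipArchive();
$zip->open($good, ZipArchive::CREATE | ZipArchive::OVERWRITE);
$zip->addFromString('mimetype', ODT_MIME);
$zip->addFromString('content.xml', '<office:document-content/>');
$zip->close();

$bad = tempnam(sys_get_temp_dir(), 'odt');
file_put_contents($bad, 'plain text renamed to .odt');

var_dump(looks_like_odt($good));
var_dump(looks_like_odt($bad));

unlink($good);
unlink($bad);
```

A caller would delete the uploaded temporary file whenever the function returns false, matching the behaviour described in the thread.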