Fix detecting text/x-php mimetype and secure mimetype mapping #22646

Merged
merged 2 commits into from
Sep 8, 2020

juliusknorr
Member

@juliusknorr juliusknorr commented Sep 7, 2020

Steps to reproduce

  • Have a server that returns text/x-php instead of application/x-php as a mimetype for php files
        file --mime-type version.php
        version.php: text/x-php
  • Try to block access control by mimetype

Before:

The mimetype was always detected as application/octet-stream as text/x-php was never part of the secure mime type list.

After:

text/x-php is a valid mimetype to be returned by detectContent. Now this PR is however kind of a hack since we abuse the secure mime fallback to actually also detect changes there. Ideally this would be an individual entry in https://github.com/nextcloud/server/blob/16b981735895424dd2d59707af87716c0e04d363/resources/config/mimetypemapping.dist.json but there is no way to extend the json without breaking changes since it still uses the file extension as a key for the entries. Also having both the secure and insecure mapping to the secure mimetype seems to be more sane than just the insecure mapping.

Proposal

For a breaking change we could pull out the insecure->secure mimetype mapping to a separate file and just use mimetypemapping.dist.json for a list of all trusted mimetypes. mimetypealiases.json will not fit for this since it is only for mapping to simplified filetypes which are used for icons, so all code files e.g. will be "text/code".
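
The lookup behaviour described above, as an added example that is not part of the pull request or of Nextcloud's code: a simplified model of an extension-keyed mapping and its secure-mimetype fallback. The function names, the sample entries and the block list are constructed for illustration, and the entry shape (`[mimetype, optional secure mimetype]`) is an assumption.

```php
<?php
declare(strict_types=1);

// Constructed samples, NOT the contents of mimetypemapping.dist.json.
// Assumed shape: extension => [mimetype, optional secure mimetype].
const BEFORE = ['html' => ['text/html', 'text/plain'], 'php' => ['application/x-php']];
const AFTER  = ['html' => ['text/html', 'text/plain'], 'php' => ['application/x-php', 'text/x-php']];
const FALLBACK = 'application/octet-stream';

/**
 * Build the detected-type => secure-type lookup (hypothetical helper).
 * With $registerSecure = false only the first mimetype of an entry is a key;
 * with true the secure mimetype is also a key that maps to itself.
 */
function buildSecureLookup(array $mapping, bool $registerSecure): array
{
    $lookup = [];
    foreach ($mapping as $entry) {
        $lookup[$entry[0]] = $entry[1] ?? $entry[0];
        if ($registerSecure && isset($entry[1])) {
            $lookup[$entry[1]] = $entry[1];
        }
    }
    return $lookup;
}

// Anything that is not a key of the lookup collapses to the generic fallback.
function secureMimeType(array $lookup, string $detected): string
{
    return $lookup[$detected] ?? FALLBACK;
}

// A mimetype-based block rule only fires when the resolved type is listed.
function isBlocked(string $resolved, array $blockedTypes): bool
{
    return in_array($resolved, $blockedTypes, true);
}

$blocked = ['application/x-php', 'text/x-php']; // constructed rule
$cases = ['before' => [BEFORE, false], 'after' => [AFTER, true]];
foreach ($cases as $label => [$mapping, $registerSecure]) {
    $lookup = buildSecureLookup($mapping, $registerSecure);
    foreach (['text/x-php', 'application/x-php'] as $detected) {
        $resolved = secureMimeType($lookup, $detected);
        printf("%-6s detected=%-18s resolved=%-25s blocked=%s\n", $label,
            $detected, $resolved, isBlocked($resolved, $blocked) ? 'yes' : 'no');
    }
}
```

In the "before" case a file detected as text/x-php resolves to application/octet-stream, so the block rule never matches it; in the "after" case both detected types resolve to a type the rule lists.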

@juliusknorr juliusknorr added bug 3. to review Waiting for reviews labels Sep 7, 2020
@juliusknorr juliusknorr added this to the Nextcloud 20 milestone Sep 7, 2020
@juliusknorr juliusknorr changed the title Bugfix/mimetype mapping Fix detecting text/x-php mimetype and secure mimetype mapping Sep 7, 2020
@juliusknorr juliusknorr requested a review from kesselb September 7, 2020 14:54
@rullzer rullzer mentioned this pull request Sep 8, 2020
13 tasks
@rullzer rullzer merged commit 919a8d4 into master Sep 8, 2020
@rullzer rullzer deleted the bugfix/mimetype-mapping branch September 8, 2020 08:41
@nickvergessen
Member

/backport to stable19

@nickvergessen
Member

/backport to stable18
