  1. Moodle
  2. MDL-47831

Filepicker: Improve web_image file validation by using get_imageinfo in addition to mimetypes check


Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Won't Fix
    • 2.7.2, 2.8
    • None
    • Filepicker
    • None
    • MOODLE_27_STABLE, MOODLE_28_STABLE

    Description

      In testing MDLQA-7448, it requests renaming a text file, giving it a jpg extension, and then attempting to add that fake jpg file to the database. While the data is never written to the data_contents table, the file is saved in the files table.

      mod/data/field/picture/field.class.php checks the contents using:

      if ($file->get_imageinfo() === false) {

      and then throws an error; however, it would be better if the filepicker caught that the alleged image is not really an image and rejected the file. I suspect that the picture field data was being checked before the filepicker existed, but now that it is using it, it would be good if the file were never accepted, as it can cause some confusion about whether the record was added to the database activity module or not.

      When non-web-image files are uploaded, Error code: invalidfiletype is thrown - line 185 of /repository/upload/lib.php: moodle_exception thrown. If we were to check that not only is the file type correct but that the data is actually an image, it would improve things by making the behavior consistent for the testing in MDLQA-7448.

      Peace - Anthony
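
      The gap described in this issue, as an added example (not Moodle's code and not the reporter's): a name-based check accepts a renamed text file, while a content check rejects it. PHP's getimagesizefromstring() stands in for the content check here; the function name, the sample file names and the rejection codes other than invalidfiletype are assumptions.

```php
<?php
// Added illustration; not Moodle code. All names below are hypothetical,
// except the 'invalidfiletype' error code, which is quoted in the issue.

// Extensions accepted as web images, mapped to the type the bytes must have.
const WEB_IMAGE_TYPES = [
    'gif' => IMAGETYPE_GIF, 'png' => IMAGETYPE_PNG,
    'jpg' => IMAGETYPE_JPEG, 'jpeg' => IMAGETYPE_JPEG,
];

/** Returns null if the upload is acceptable, otherwise a rejection code. */
function web_image_reject_code(string $filename, string $content): ?string {
    // Step 1: name-based check, all that an extension/mimetype filter sees.
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!isset(WEB_IMAGE_TYPES[$ext])) {
        return 'invalidfiletype';
    }
    // Step 2: content check. getimagesizefromstring() parses the image
    // header and returns false when the bytes are not a recognised image.
    $info = getimagesizefromstring($content);
    if ($info === false) {
        return 'notanimage';            // hypothetical code
    }
    // Step 3: the detected type must agree with the claimed extension.
    if ($info[2] !== WEB_IMAGE_TYPES[$ext]) {
        return 'imagetypemismatch';     // hypothetical code
    }
    return null;
}

// Constructed sample inputs: plain text, and a well-known 1x1 GIF.
$text = "This is a plain text file that was renamed to look like a photo.\n";
$gif  = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');

$cases = [
    ['notes.txt', $text],   // wrong extension
    ['fake.jpg',  $text],   // the renamed text file from the issue
    ['pixel.gif', $gif],    // genuine image
    ['pixel.jpg', $gif],    // real image, extension lies about the type
];
foreach ($cases as [$name, $bytes]) {
    printf("%-10s => %s\n", $name, web_image_reject_code($name, $bytes) ?? 'accepted');
}
```

      Running the content check before the file is stored is what keeps a rejected upload from leaving a row behind in the files table.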

            People

              Unassigned Unassigned
              aborrow Anthony Borrow
              David Woloszyn, Huong Nguyen, Jake Dallimore, Michael Hawkins, Stevani Andolo