Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-47831

Filepicker: Improve web_image file validation by using get_imageinfo in addition to mimetypes check

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 2.7.2, 2.8
    • Fix Version/s: None
    • Component/s: Filepicker
    • Labels:
      None
    • Affected Branches:
      MOODLE_27_STABLE, MOODLE_28_STABLE

      Description

      In testing MDLQA-7448, it requests renaming a text file and giving it a jpg extension and then to attempt to add that fake jpg file to the database. While the data is never written to the data_contents table the file is saved in files table.

      mod/data/field/picture/field.class.php checks the contents using:

      if ($file->get_imageinfo() === false) {

      and then throws an error; however, it would be better if the filepicker caught that the alleged image is not really an image and rejected the file. I suspect that the picture field data was being checked before the filepicker exists but now that it is using it it would be good if the file were never accepted as it can cause some confusion about whether the record was added to the database activity module or not.

      When non web image files are uploaded Error code: invalidfiletype in thrown - line 185 of /repository/upload/lib.php: moodle_exception thrown. If we were to check that not only is the file type correct but that the data is actually an image it would improve things by making the behavior consistent for the testing in MDLQA-7448. Peace - Anthony

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              aborrow Anthony Borrow
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: