Closed
Bug 295432
Opened 20 years ago
Closed 20 years ago
Bogus file name extensions fool Firefox into sending wrong MIME type in HTTP POST
Categories
(Firefox :: File Handling, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 295431
People
(Reporter: simon.donovan, Unassigned)
Details
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
This bug relates to uploading files using HTTP POST and the incorrect reporting
of MIME types.
MIME types for file uploads in Firefox are based on file name extensions.
e.g. The file 'info.txt' will be given the 'text/plain' MIME type and the
file 'picture.jpg' will be given the 'image/jpeg' MIME type.
If a rogue user renames 'picture.jpg' to 'picture.txt' it will be given
the 'text/plain' MIME type, when in actual fact, the data of the file
is 'image/jpeg'. Hence Firefox can be fooled into sending the wrong MIME type.
The MIME type should be based on the data content of the file and not the file
extension (which can easily be spoofed). It is extremely lazy and inaccurate to
base MIME types on file extension alone. The file content should be examined to
determine the real MIME type. This behaviour is implemented in IE.
If a server application wants to allow only files with a specific MIME type to
be uploaded, the MIME type supplied by Firefox cannot be trusted, as a user can
spoof this with ease. Hence, additional work must be done on the server to
examine the content of the file to determine the real MIME type and not the
spoofed MIME type reported by Firefox.
Reproducible: Always
Steps to Reproduce:
1.Create a simple file upload form in HTML.
2.Create a copy of a jpeg image file and change the extension to '.txt'
3.Upload the file in the HTML form.
Actual Results:
On the server, the Content-Type header reports a MIME type of 'text/plain'
Expected Results:
On the server, the Content-Type header should report a MIME type of 'image/jpeg'
Comment 1•20 years ago
|
||
*** This bug has been marked as a duplicate of 295431 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•