Closed Bug 295432 Opened 20 years ago Closed 20 years ago

Bogus file name extensions fool Firefox into sending wrong MIME type in HTTP POST

Categories

(Firefox :: File Handling, defect)

x86
Windows XP
defect
Not set
major

Tracking

()

VERIFIED DUPLICATE of bug 295431

People

(Reporter: simon.donovan, Unassigned)

Details

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 This bug relates to uploading files using HTTP POST and the incorrect reporting of MIME types. MIME types for file uploads in Firefox are based on file name extensions. e.g. The file 'info.txt' will be given the 'text/plain' MIME type and the file 'picture.jpg' will be given the 'image/jpeg' MIME type. If a rogue user renames 'picture.jpg' to 'picture.txt' it will be given the 'text/plain' MIME type, when in actual fact, the data of the file is 'image/jpeg'. Hence Firefox can be fooled into sending the wrong MIME type. The MIME type should be based on the data content of the file and not the file extension (which can easily be spoofed). It is extremely lazy and inaccurate to base MIME types on file extension alone. The file content should be examined to determine the real MIME type. This behaviour is implemented in IE. If a server application wants to allow only files with a specific MIME type to be uploaded, the MIME type supplied by Firefox cannot be trusted, as a user can spoof this with ease. Hence, additional work must be done on the server to examine the content of the file to determine the real MIME type and not the spoofed MIME type reported by Firefox. Reproducible: Always Steps to Reproduce: 1.Create a simple file upload form in HTML. 2.Create a copy of a jpeg image file and change the extension to '.txt' 3.Upload the file in the HTML form. Actual Results: On the server, the Content-Type header reports a MIME type of 'text/plain' Expected Results: On the server, the Content-Type header should report a MIME type of 'image/jpeg'
*** This bug has been marked as a duplicate of 295431 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.