User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:18.104.22.168) Gecko/20090729 Firefox/3.5.2 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; de; rv:22.214.171.124) Gecko/20090729 Firefox/3.5.2 see below Reproducible: Always
same as bug 547234
My project provides an file uploader for the users. When some FF10+ users try to upload a PDF, it is being sent as x-type/subtype, which is causing the file type security in my app to fail. Is this issue dead?
Would be helpful to figure out where that value comes from. However, relying on browser-supplied content type in your web app is prone to user (and application) error, probing the type yourself is prone to security issues when the probing gets too complex. Firefox does not seem to handle file types sensibly and nobody seems to care. Also it tries to get file type information from the system and does not filter out what it gets in any way.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 373621
You need to log in before you can comment on or make changes to this bug.