Forums / Developer / validateObjectAttributeHTTPInput datatype func. bug ?!

validateObjectAttributeHTTPInput datatype func. bug ?!

Previous topic

Developer

Next topic

Author	Message
Selmah Maxim	Monday 14 July 2003 4:11:20 am This bug is still exists since v3.0 ! The ezimage datatype should be for just images, but when input any kind of file will take it, and upload it as bin file format or text or what ever ... so now when you call the image from template you get errors .. coz the user didn`t upload image file ... also you cann`t control the images type which is supported ... also you cann`t control the image size ! I had add this to check the file mimetype in ezimagetype.php, under function validateObjectAttributeHTTPInput : $TestFile =& eZHTTPFile::fetch( $base . "_data_imagename_" . $contentObjectAttribute->attribute( "id" ) ); $ini =& eZINI::instance( "image.ini" ); $Types = $ini->variableArray( "OutputSettings", "AvailableMimeTypes" ); $img =& imageInit(); if($TestFile) { $FileMime = $img->mimeTypeFor( $TestFile->attribute( "original_filename" ), true ); if(!in_array($FileMime['mime-type'],$Types)) { $contentObjectAttribute->setValidationError( ezi18n( 'kernel/classes/datatypes', "The image format is not supported.", 'eZImageType' ) ); return EZ_INPUT_VALIDATOR_STATE_INVALID; } } Work fine, if the file format is not listed in image.ini will get error msg when user try to submit it, BUT the file still upload it to the site and store it in the DB .. As I think when the status 'EZ_INPUT_VALIDATOR_STATE_INVALID' the other function should be hang ... but this not happening .. why I don`t know ! Maybe I should make this check under function fetchObjectAttributeHTTPInput ?! Or ?!?! any idea ?!
Selmah Maxim	Wednesday 16 July 2003 3:30:51 am it`s not checking if the uploaded file is valid image ! also the max file size should be in bytes ! any comments ?!

Author

Message

Selmah Maxim

Monday 14 July 2003 4:11:20 am

This bug is still exists since v3.0 !

The ezimage datatype should be for just images, but when input any kind of file will take it, and upload it as bin file format or text or what ever ... so now when you call the image from template you get errors .. coz the user didn`t upload image file ... also you cann`t control the images type which is supported ... also you cann`t control the image size !

I had add this to check the file mimetype in ezimagetype.php, under function validateObjectAttributeHTTPInput :

$TestFile =& eZHTTPFile::fetch( $base . "_data_imagename_" . $contentObjectAttribute->attribute( "id" ) );
$ini =& eZINI::instance( "image.ini" );
$Types = $ini->variableArray( "OutputSettings", "AvailableMimeTypes" );
$img =& imageInit();
if($TestFile)
{
$FileMime = $img->mimeTypeFor( $TestFile->attribute( "original_filename" ), true );
if(!in_array($FileMime['mime-type'],$Types))
{
$contentObjectAttribute->setValidationError( ezi18n( 'kernel/classes/datatypes',
"The image format is not supported.",
'eZImageType' ) );

return EZ_INPUT_VALIDATOR_STATE_INVALID;
}
}

Work fine, if the file format is not listed in image.ini will get error msg when user try to submit it, BUT the file still upload it to the site and store it in the DB ..

As I think when the status 'EZ_INPUT_VALIDATOR_STATE_INVALID' the other function should be hang ... but this not happening .. why I don`t know !

Maybe I should make this check under function fetchObjectAttributeHTTPInput ?!

Or ?!?!

any idea ?!

Selmah Maxim

Wednesday 16 July 2003 3:30:51 am

it`s not checking if the uploaded file is valid image !
also the max file size should be in bytes !

any comments ?!