[MAGNOLIA-2702] Unknown file extensions should be treated as binary files Created: 27/Apr/09  Updated: 19/Dec/16  Resolved: 04/Nov/15

Status: Closed
Project: Magnolia
Component/s: core
Affects Version/s: 3.6.5
Fix Version/s: None

Type: Improvement Priority: Major
Reporter: Sean McMains Assignee: Philipp Bärfuss
Resolution: Won't Do Votes: 0
Labels: maintenance, quickwin, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File defaultMime.patch    
Issue Links:
relation
is related to MAGNOLIA-3427 Introduce an icon for mov mime-type Closed
Template:
Patch included:
Yes
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:

 Description   

When mapping MIME types, there are generally 3 cases to be accounted for:

  1. File Extensions that are listed in the MIME Mapping Configuration
  2. File Extensions that are not listed in the MIME Mapping Configuration
  3. Paths without a file extension

Currently, in instance #2, the response is returned as text/html. As a result, if a user uploads a file of a type that Magnolia doesn't know about, the binary content will get dumped directly into the browser window. (This happened for us recently when a site manager uploaded an M4A file, one of the music file formats iTunes supports.) We were able to correct the problem by adding the appropriate MIME type definition to Magnolia's configuration, but it was clear that it would have been far more helpful for Magnolia to treat it as a binary file when it didn't know what the content was.

Here's a patch that, in instance #2, will return a MIME type of "application/octet-stream" instead of "text/html". Instance #1 and #3 will be unaffected.



 Comments   
Comment by Michael Mühlebach [ 04/Nov/15 ]

Given the thousands of other issues we have open that are more highly requested, we won't be able to address this issue in the foreseeable future. Instead we will focus on issues with a higher impact, and more votes.
Thanks for taking the time to raise this issue. As you are no doubt aware this issue has been on our backlog for some time now with very little movement.
I'm going to close this to set expectations so the issue doesn't stay open for years with few updates. If the issue is still relevant please feel free to reopen it or create a new issue.

Generated at Mon Feb 12 03:39:16 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.