application/octet-stream mime type issue with codeigniter

Question

I have a strange problem with codeigniter upload class. I use uploadify (http://www.uploadify.com) to add ajax support on file uploading. When the file is sent from uploadify to codeigniter I always get a message that the filetype isn't allowed. I made some research and found out that the cause of the problem is flash, that is used by uploadify. For some reason it always sends files with application/octet-stream mime type. I tried to upload jpg, png, gif file types, but codeigniter always shows that the type is application/octet-stream.

Does anyone know how should I catch the real file type uploaded with flash in codeigneter?

Answer 1

I had the same issue, and fixed it by setting config $config['detect_mime'] = FALSE; in library, it's default value is true. So set if before calling do_upload() function in controller. In Upload class it will check detect_mime is true, and it fetches file mime type, if we set this to FALSE it will not fetch file mime type. also in library function is_allowed_filetype has a parameter $ignore_mime that is default FALSE, and in do_upload() function it's not passed. So simply do a hack that in library when we call this function pass !$this->detect_mime
here it will just reverse the detect_mime and we can control whether we need to allow mime type check or not by just setting config variable before calling do_upload function from any controller.

Let me know if you found any batter approach.

Answer 2

I had a similar issue and the solution I found is to create a MY_Upload library and override the function that sets the file_type (_file_mime_type)

class MY_Upload extends CI_Upload {

   /**
    * Override application/octet-stream on file_type
    *
    * @param    array   $file
    * @return   void
    */
   protected function _file_mime_type($file) {
       parent::_file_mime_type($file);

       if ($this->file_type == 'application/octet-stream' && !empty($file['type'])) {
           $this->file_type = $file['type'];
       }

   }

}

Answer 3

The issue here is that CodeIgniter seems to have a slight bug with its uploader and I agree with @bearfriend.

The is_allowed_filetype() function of the Upload Library allows a parameter of $ignore_mime but this parameter is not supplied within the do_upload function. So my solution is turn mime detection off and (dare I say it) amend the core Upload class so that the file upload check looks like this:

if ( ! $this->is_allowed_filetype($this->detect_mime ? false : true))

** The inverse of your detect_mime parameter is required

There is (unfortunately) another security issue here however. The user could rename virus.exe to allowed.jpg and the file would still be allowed. How bad that is will depend on file permissions and what you're using the files for along with how the files will be used. I for example tried the idea here (https://www.bleepingcomputer.com/forums/t/573945/this-looks-new-and-slipped-by-the-gmail-filters-this-morning/#entry3687679) and it didn't load because it was not a valid image. Different OS may be different.

The other issue with my solution is should you decide to upgrade CI these changes will be lost (although maybe improved by a later release).

Oh and also CI doesn't then ever set $this->file_type with ignore_mime true. The solution if you require the file_type in the output after the upload would be to use your own variable name instead (as opposed to sticking with ignore_mime).

Answer 4

The only solution I've found for this is to add:

'application/octet-stream'

into the application/config/mimes.php file for the various file types that you require. Not particularly helpful but it's the only effective method found.