Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.32.0

Bug #11240 can't submit patch (wrong mimetype reported)
Submitted: 2007-06-06 13:44 UTC
From: rfreund Assigned: wiesemann
Status: Closed Package: pearweb
PHP Version: 5.2.2 OS:
Roadmaps: 1.16.1    

 [2007-06-06 13:44 UTC] rfreund (Robert Freund)
Description: ------------ When trying to make a new bug and upload a patch to it, the bug tracker threw out an error message saying that I should upload the patch in mimetype "text/plain". I should rename it to patch.txt. I renamed it (the patch was created using standerd diff tools on Linux), but uploading didn't work - again, the same problem. I'm using Firefox


 [2007-06-06 13:59 UTC] rfreund (Robert Freund)
It works ok in konqueror, so the patch file is really ok.
 [2007-06-06 14:05 UTC] davidc (David Coallier)
Hmm standard diff tools ? You mean diff itself ? Have you tried cvs diff -u file.php > file.diff Thanks
 [2007-06-06 14:13 UTC] rfreund (Robert Freund)
Standard diff, but since I don't have cvs access to pear, I made it by doing: diff -u oldfile.php newfile.php > patch.diff Anyway, I could upload the same file without problems in Konqueror... Take a look at it here:
 [2007-06-06 14:48 UTC] wiesemann (Mark Wiesemann)
Robert, can you please upload your patch on the following test form with your two browsers? Please report back which type is displayed after you have submitted the form.
 [2007-06-07 09:47 UTC] rfreund (Robert Freund)
Yes. I tried with 2 files, patch.diff and patch.txt: Firefox: [name] => patch.diff [type] => text/x-patch [name] => patch.txt [type] => application/x-txt Konqueror: [name] => patch.diff [type] => text/x-diff [name] => patch.txt [type] => text/plain
 [2007-06-07 10:49 UTC] wiesemann (Mark Wiesemann)
Okay, we should add at least "application/x-txt" to the allowed types then. "text/x-patch" and "text/x-diff" also wouldn't be a problem (=> security). Any comments?
 [2007-06-07 16:06 UTC] cellog (Greg Beaver)
go for it Mark
 [2007-06-07 19:20 UTC] wiesemann (Mark Wiesemann)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on by the end of next Sunday (CET). If this was a problem with the website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.
 [2008-02-07 13:10 UTC] till (Till Klampaeckel)
I want to add my "report" because as far as I can see in CVS this issue is not yet fixed: When I try to upload a patch, I don't get past the following: Error: uploaded patch file must be text file (save as e.g. "patch.txt" or "pack It's a .diff file, ASCII. My take: You are using HTTP_Upload to verify the uploaded file is text/plain, and this is flawed for two reasons. 1) HTTP_Upload only proxies $_FILES, which contains information from the browser, because the browser doesn't know .diff (or .patch) it will assume application/whatever instead of text/plain. What it assumes can differ on many systems. I have no idea what it assumes right now, I created my file on Windows it's ASCII (I can email the file since I won't be able to attach it here). 2) This is also related to security because $_FILES is generated on the client-side (by the browser), I could write my own client and inject binary data here and claim it's text/plain. The workaround is to either use MIME_Type or File_Info.
 [2008-02-07 14:03 UTC] wiesemann (Mark Wiesemann)
Till, let's keep this problem in one bug report. Bug #12946 is currently open, I'll copy your comment to that bug.