Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.32.0

Bug #12946 .diff patch upload does not work with opera/linux
Submitted: 2008-01-21 12:12 UTC
From: cweiske Assigned: dufuz
Status: Closed Package: pearweb (version 1.17.1)
PHP Version: 5.2.5 OS:
Roadmaps: 1.18.0    

 [2008-01-21 12:12 UTC] cweiske (Christian Weiske)
Description: ------------ I cannot upload .diff patches with opera 9.2.5 on linux, it always says that the file needs to be .diff. Firefox works


 [2008-01-27 02:54 UTC] dufuz (Helgi Þormar Þorbjörnsson)
Can you send me the diff file ? I made a diff file with gnuwin32 and both Opera and FF report it as octet stream, the base system is just using the type $_FILES provides btw.
 [2008-02-07 14:04 UTC] wiesemann (Mark Wiesemann)
Comment from Till in Bug #11240: <<< I want to add my "report" because as far as I can see in CVS this issue is not yet fixed: When I try to upload a patch, I don't get past the following: Error: uploaded patch file must be text file (save as e.g. "patch.txt" or "pack It's a .diff file, ASCII. My take: You are using HTTP_Upload to verify the uploaded file is text/plain, and this is flawed for two reasons. 1) HTTP_Upload only proxies $_FILES, which contains information from the browser, because the browser doesn't know .diff (or .patch) it will assume application/whatever instead of text/plain. What it assumes can differ on many systems. I have no idea what it assumes right now, I created my file on Windows it's ASCII (I can email the file since I won't be able to attach it here). 2) This is also related to security because $_FILES is generated on the client-side (by the browser), I could write my own client and inject binary data here and claim it's text/plain. The workaround is to either use MIME_Type or File_Info. >>>
 [2008-02-09 22:46 UTC] dufuz (Helgi Þormar Þorbjörnsson)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on by the end of next Sunday (CET). If this was a problem with the website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. Hopefully it's fixed now, we're now using fileinfo for the mime part instead of relying on $_FILES (what HTTP_Upload was using for the filetype) which can be faked or the browser just buggy.