[dev] Consider ignoring upload Content-Type

Jan Schneider jan at horde.org
Wed Jan 13 23:24:23 UTC 2010 

Zitat von Michael M Slusarz <slusarz at horde.org>:

> Quoting Vilius Šumskas <vilius at lnk.lt>:
>
>> Sveiki,
>>
>> Wednesday, January 13, 2010, 7:35:49 PM, you wrote:
>>
>>> Quoting Jan Schneider <jan at horde.org>:
>>
>>>> One of the most often reported problems with IMP is about
>>>> clients/browser sending the wrong content type with file uploads.
>>>> No question that we are doing it the right way. But fact is that
>>>> there are lots of broken user systems out there, and the problem can
>>>> only be fixed on the client system. This is especially problematic
>>>> with a server-side software like Horde.
>>>> Thus I'd like to discuss whether we should start ignoring the
>>>> content type of file uploads completely and instead rely on
>>>> server-side mime magic. The advantage is, that the behavior is the
>>>> same for every client, and that administrator can fix wrong
>>>> detections at a single place, and at a place they actually have
>>>> access too. Of course this makes mime magic a requirement for Horde.
>>>> It might not be the right behavior RFC wise and add another
>>>> prerequisite, but it would improve the user and administrator
>>>> experience a lot IMO.
>>
>>> I would have no issue with this, as long as this is configurable.  And
>>> I believe that using the browser generated MIME type should remain the
>>> default, since it seems to work best most of the time (my personal
>>> experience is that the browser determination is *more* accurate than
>>> MIME magic determination).
>>
>> As  an  ex sysadmin, I can confirm what Michael is saying. Client MIME
>> type  detection  is  more  accurate  in  most  cases  than MIME magic.
>> Especially for proprietary files (e.i. Word, Excel, Photoshop).
>
> Further brainstorming:
> Better than a preference, do this in a hook.  Browser detection is  
> always used; pass in the Horde_Mime_Part object to a hook and the  
> hook can determine whether to alter the MIME type.  E.g. do MIME  
> magic detection based on:
> * The reported MIME type (application/octet-stream; double-check  
> known troublesome MIME types)
> * Certain known buggy browsers
> * For all data

Sounds like an interesting approach. I wasn't aware that mime magic is  
so unreliable.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/

More information about the dev mailing list