KevinTheJedi
Thanks Kevin.
So I just completely removed the MIME type check like this.
diff --git a/include/class.forms.php b/include/class.forms.php
index 529b929..78dcbd9 100644
--- a/include/class.forms.php
+++ b/include/class.forms.php
@@ -3971,11 +3971,6 @@ class FileUploadField extends FormField {
}
static function isValidFile($file) {
- // Make sure mime type is valid
- if (strcasecmp(FileObject::mime_type($file['tmp_name']),
- $file['type']) !== 0)
- return false;
-
// Check invalid image hacks
if ($file['tmp_name']
&& stripos($file['type'], 'image/') === 0
Now the files are being uploaded just fine. In the end, who cares about those security vulnarabilities, right, right?
As far as I understood, browsers utilize a depricated MIME type 'x-zip-compressed' while PHP uses a normal one 'application/zip'... So there is hope browsers will update some day. Is this correct?
