We build a tool using kirby which essentially lets our operations team internally upload small files from either corp or production network. On submit it creates a page in another folder and adds the uploaded files to the page. That’s all working, however we need to be able to upload files with extensions like .srt / .ttml / .otf / .stl / .msg and .htm.
Some of them throw an invalid file type error when no file blueprint with accept: mime: exists. When we do add the file blueprint and we’re trying to upload e.g. a .srt subtitle file we’re getting an error like below. I know you can overwrite existing core classes, so I’m assuming this would be the way to go here? Any guideline how I would start with that? Or is there another way to accomplish this?
I know I could set mime to null to skip checking the mime types, but we’d prefer to still have a list of accepted file extensions. It’s a workaround for sure but I’d still prefer to be able to control the list of accepted extensions.
Kirby\Filesystem\Mime::matches(): Argument #1 ($test) must be of type string, null given, called in ..project\kirby\src\Filesystem\File.php on line 284
Ohhh I did miss that option @texnixe. Thank you thats working now for all the extra file extensions other then .htm. To get .htm files allowed I’d have to overwrite the FileRules class correct? Cause I do see the catch inside function validExtensionwhich which prevents to upload htm* files. Since this is an internal tool and not facing the www I don’t have any concerns to upload those files.
if (Str::contains($extension, 'htm') !== false) {
throw new InvalidArgumentException([
'key' => 'file.type.forbidden',
'data' => ['type' => 'HTML']
]);
}
There are no file models right? I could simply remove those lines above from the FileRules.php file but I don’t want to do that everytime we update Kirby. Just trying to figure out the best approach to this.
I digged a little further and totally forgot that all files uploaded/submitted by the form already get a file extension of .tmp. So instead of removing the check for a file extension of .htm I’ve removed the mime type check below inside the fileRules → validMime function, before working on a custom file class.
if (V::in($mime, ['text/html', 'application/x-msdownload'])) {
throw new InvalidArgumentException([
'key' => 'file.mime.forbidden',
'data' => ['mime' => $mime]
]);
}
After removing the lines I’m getting a new error which looks like Kirby is trying to read the entire file and therefor seems to throw an error. I know that there’s a security reason that .htm files are prohibited to be uploaded but there must be a way to get this allowed… at least I hope so. I also can’t identify from where this error originates from.
Error: The "lang" attribute (line 2) is not allowed: Not included in the global allowlist The "xmlns:v" attribute (line 5) is not allowed: Not included in the global allowlist
Yes that seems right… I know this is not an ideal solution but for now I renamed the Sane->HTML.php class to continue further testing. Unfortunately for this project/tool we really need to have those file types allowed to be uploaded.
The other solution I was thinking of is excluding .htm or .html files from the $page->createFile() bit in our code and instead move them after page creation to the page directory. I guess the only caveat would be that $page->files() would not return them. But I could work around that…