Panel renaming .jpeg to .jpg - how to prevent without turning off sanitization

macgyver · April 7, 2017, 5:20pm

Is there a way to allow .jpeg as well as .jpg?

Ultimately I think we should be able to specify any extension like you can in Processwire:

bnomei · April 7, 2017, 5:47pm

macgyver · April 8, 2017, 7:32pm

Correct.

It’s just my content comes from another program that for some reason outputs both so some image links are broken. I will look into why it is doing that.

I would like to see the ability to specify allowed extensions however.

flokosiol · April 8, 2017, 8:40pm

You can use panel.file.upload permission to check for file extensions on upload. Have a look at the section “Allow uploads based on the type of file”.

texnixe · April 9, 2017, 3:09pm

The string replacement (jpeg=> jpg) is hardcoded in the Upload class (toolkit/lib/upload.php):

$safeExtension = str_replace('jpeg', 'jpg', str::lower($extension));

so unless you prevent sanitization of the filename via blueprint or modify the source code, I don’t think you can do anything to prevent sanitization of the extension.

bnomei · April 10, 2017, 11:21am

could a hook be used to rename the file back to jpeg after uploading, or does this trigger sanitation?
inside hook using toolkits f class in file and meta file?

texnixe · April 10, 2017, 11:51am

I don’t think so, because the file upload hook does not have an old file object. Therefore, you wouldn’t know the original file extension, if both .jpeg and .jpg are used.

@macgyver This is not a matter of allowed file extensions, because files with the extension .jpeg are valid uploadable files. The thing that happens is that they are renamed with that piece of code I quoted in my last post.

macgyver · April 10, 2017, 5:56pm

Where can I specify additional valid uploadable files?

texnixe · April 10, 2017, 6:05pm

You could use permissions to prevent upload of certain files, but this will not really help you with the extension problem. As I said, the problem is not that your .jpeg files cannot be uploaded, but that their extension is changed.

There is no config setting comparable to the Processwire setting you mentioned above.

bnomei · April 11, 2017, 8:27am

codeline is here.

github.com

getkirby/toolkit/blob/master/lib/upload.php#L92


}


public function to() {


  if(!is_null($this->to)) return $this->to;


  $source        = $this->source();
  $name          = f::name($source['name']);
  $extension     = f::extension($source['name']);
  $safeName      = f::safeName($name);
  $safeExtension = str_replace('jpeg', 'jpg', str::lower($extension));


  if(empty($safeExtension)) {
    $safeExtension = f::mimeToExtension(f::mime($source['tmp_name']));
  }


  return $this->to = str::template($this->options['to'], array(
    'name'          => $name,
    'filename'      => $source['name'],
    'safeName'      => $safeName,
    'safeFilename'  => $safeName . r(!empty($safeExtension), '.' . $safeExtension),

@macgyver
you could replace this line in your kirby toolkit installation.

     // $safeExtension = str_replace('jpeg', 'jpg', str::lower($extension));
     $safeExtension = str::lower($extension);

that ‘fix/hack’ will be gone when updating of course. not really a good solution but should work.

filetypes are here

github.com

getkirby/toolkit/blob/master/lib/f.php

<?php

/**
 *
 * File
 *
 * Low level file handling utilities
 *
 * @package   Kirby Toolkit
 * @author    Bastian Allgeier <bastian@getkirby.com>
 * @link      http://getkirby.com
 * @copyright Bastian Allgeier
 * @license   http://www.opensource.org/licenses/mit-license.php MIT License
 */
class F {

  public static $mimes = array(
    'hqx'   => 'application/mac-binhex40',
    'cpt'   => 'application/mac-compactpro',
    'csv'   => array('text/x-comma-separated-values', 'text/comma-separated-values', 'application/octet-stream'),

This file has been truncated. show original

texnixe · April 11, 2017, 8:35am

I agree, not ideal, but as long as you keep track of such changes in a todo list for updates, it should not be a problem.

macgyver · April 11, 2017, 11:45am

@bnomei Thanks! I was looking for that

Topic		Replies	Views
Disable filename sanitization on upload Questions v3	2	583	October 11, 2020
Change file extension on upload to panel Questions v2	4	617	February 6, 2025
How to deactivate filename sanitation during upload? Questions	3	26	August 6, 2024
Preserving original filename after panel upload Questions v3	3	701	August 16, 2019
Rename files on upload to panel Questions v3	8	1039	May 7, 2021

Panel renaming .jpeg to .jpg - how to prevent without turning off sanitization

Related topics