Can't confirm, test using PHP 7.0.15 and 7.1.1.

System information

3.7.3-dev
Multilanguage Site
macOS Sierra, 10.12.5
Firefox 53 (64-bit)

MAMP 4.1.1

• MySQLi 5.6.35

I cannot replicate this at all.

• Joomla 3.7.3-dev
• Wampserver
• PHP 7.0.10

Cannot replicate:

• PHP 7.0.19
• Apache/Linux
• Joomla! 3.7.2 Stable

I also couldn't replicate this issue, pdf uploaded without errors.
Joomla 3.7.2 with PHP 7.1.1

PHP 7.0.18
Joomla! 3.7.2 Stable
Linux

we're having this issue - "fileinfo.so" php extension was disabled in server.
enabled fileinfo php extension and all good.

maybe a more informative error message would help debuging issue adding something like "Could not detect the file mime type. Please check with your host if you have fileinfo PHP extension enabled.".

anyway with php fileinfo extension enabled cannot replicate the issue.

My fileinfo extension is enabled.

Confirmed issue on Rochen server:

PHP Built On Linux impress51.directrouter.com 3.10.0-427.36.1.lve1.4.43.el7.x86_64 #1 SMP Wed Mar 29 16:13:25 EDT 2017 x86_64
Database Version 10.1.23-MariaDB
Database Collation utf8_general_ci
Database Connection Collation utf8mb4_general_ci
PHP Version 7.0.18
Web Server Apache
WebServer to PHP Interface cgi-fcgi
Joomla! Version Joomla! 3.7.2 Stable [ Amani ] 22-May-2017 09:46 GMT
Joomla! Platform Version Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT
User Agent Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0

I have disabled "check mime types" in the Media Options (click Options button from Media screen).

@zero-24 Since Check MIME Types is disabled, Invalid mime type detected. shouldn't be checked/displayed. Right???

Update from Rochen --

After telling me that fileinfo and mime_content_type were enabled, they were able to get the PDF upload working under PHP 5.6. (In the control panel, go to PHP version and switch it.)

However, a second support person has come back to me after that change was made. He switched PHP 5.6 back to PHP 7.0. The PDF upload now works.

He says "I suppose it's possible that a needed PHP extension (like fileinfo) hadn't been selected previously, but the new defaults in the selector resolved the problem."

So, suggestion for other Rochen people with this issue:

a. log into cPanel
b. Choose "select PHP version" under "software" heading
c. See if fileinfo is checked.

If it IS checked, and you can't upload PDFs, then try:
a. Switch the version to 5.6 with the dropdown and apply the setting
b. Now switch back to PHP 7.0. Test to see if you can upload PDFs now.

My guess is that "fileinfo" is showing as checked when it's not really set.

Quy -- yes, that was my expectation for turning off the MIME type check. However, it had no effect on my ability/inability to upload a PDF.

Fix (???) is listed in the post before this one.

@jen4web My expectation too. The code has to be reworked to first check that Check MIME Types is enabled and not after the fact.

@jen4web what error do you get when mime checking is disabled? As this should never be a option you should set.

If you try to upload a file on a server where we can not check or detect the mime type we don't allow uploading it.

The Check MIME Types check is about checking the actual mime type against the allowed mime type. If no mime type is detected this is not taken into account and upload is blocked.

My issue is resolved at this point. However, when it was broken, I tried uploading the PDF with mime checking enabled and disabled. Error message was the same:

Error
Invalid mime type detected.

Sure we can improve that message. But this means "We can not detect any mime type for that file so we don't allow uploading it"

Here is the description for Check MIME Types:

Use MIME Magic or Fileinfo to attempt to verify files. Try disabling this if you get invalid mime type errors.

getMimeType() should only be executed if Check MIME Types is enabled.

invalid mime type errors.

The problem is that you do not get "invalid mime type error" (i have already sayed that the message needs to be inproved) you get the "mime type detection is not working on your system" error. Which IMO should be fixed on server side and not just ignored by the CMS. As this is a server / configuration error and not a CMS error ;).

We maybe need a suggestion for a better error message in that case.

Please take a look here: #16246 for a extended message.

I am sorry but I cannot replicate this on our servers (PHP 7.1.14). Neither in default media manager nor in /TinyMCEJCE. I can upload pdf's either from frontend or admin without problems and if pdf's disabled (in media options) I do get the proper message (extension not supported)

However: The pdf's show in the file system with FTP (after upload in the media manager but they do not show after upload in the media manager itself in the administrator (they are uploaded as stated since they show in the file manager with ftp) That only happens when uploaded in this case with Tiny/JCE but they show when uploaded with/in the admin panel in the media manager itself (!)

so by using the media manager upload they show but when upload with any editor they don't show in the media manager in admin backend despite being listed in the file system (FTP)

@gwsdesk

I am sorry but I cannot replicate this on our servers (PHP 7.1.14).

Sure the most of us can't as it looks like a server / hosting issue.

so by using the media manager upload they show but when upload with any editor they don't show in the media manager in admin backend despite being listed in the file system (FTP)

Please double check that. For the frontend image button this is expected (only images) and this is a longstanding behavior so nothing changed in 3.7.1/2

In the backend it is working fine for me:

For reference I have notified Rochen of this issue and they are investigating

In general, things are working fine as long as the server is correctly configured. The issue we are running into it seems is that there are hosting environments (such as Rochen's) which are disabling features that are by default enabled in the baseline PHP distribution. So, we need to improve our handling a bit; though fileinfo is enabled by default since PHP 5.3.0 (source - https://secure.php.net/manual/en/fileinfo.installation.php), we can't rely on its presence so we need to get a little defensive in our coding. It's not much different than how we had to have some defensive coding around the use of parse_ini_file() and parse_ini_string().

So, we need to improve our handling a bit

we can't rely on its presence so we need to get a little defensive in our coding.

Any suggestions?

@zero-24 I do disagree with you on upload pdf. Please read what I wrote. I can upload with JCE for instance and it is successful. However the pdf won't show in the media manager but is in the file system.... See images

That modal is hardcoded to only display images, even if the upload was successful it will never display PDF files.

and that is NOT a new thing - it has always been that way

I get you but why not? If mime-types are supported they should show?

read what michael wrote!!!

I did but I asked a question on that is that wrong?

I did but I asked a question on that is that wrong?

THis is a complete different issue and a long standing one too ;) PLease open a new issue for that.

Btw that button is told to be "image" please look at your screenshot ther is also the mention that it is only images. (PDF != image :P)

I get you but why not? If mime-types are supported they should show?

That specific modal and the field it's attached to have always been hardcoded to images only (don't ask why, a decision made long ago is all I know and I had to essentially build a fork of com_media to work with non-image files with a similar user interface). So that view is different than the default media manager view which should show everything in the images directory.

As for uploading through JCE, if it's not going through our library class that's running this check, that would explain why you can upload through the editor but not through com_media.

Thanks but I can also upload through com_media and that works also but it won't list in the media manager despite being present in the file system (but I do understand the hard-coded thing)

Note: therefor we have in JCE a different function to link to a file ;-) (get it now)

which of course means that JCE might not be protecting your uploads

which of course means that JCE might not be protecting your uploads

JCE is not affected by this because they don't use JHelperMedia's canUpload method. IIRC they use it's own method.

@brianteeman Just like com_media since I can upload pdf's but they do not get listed in com_media but are in the file system. Sorry Brian, for me wrong argument

@zero-24 That clarifies thanks

If you can view your uploaded PDFs at administrator/index.php?option=com_media (the main media manager view, not the modal window) then the system is working fine. com_media has two main views, the full view which lists everything, and the popup view which is ONLY images. It is a discussion for another issue whether there should be a popup view showing all files, fully separate from this issue thread. Right now though, the fact that you cannot view uploaded PDFs in the popup window is the system design, for reasons already explained.

@mbabker I can upload a screencast for you showing that I can upload a pdf both in admin (com_media) and in frontend with JCE? If you say that an upload is not possible we have a bug since I can as shown in the image?

I'm not talking about upload at this point, I'm talking about viewing the directory contents, in response to your screenshots saying that PDF files are not being displayed even though they exist on the server.

OK as suggested by @zero-24 I will open a different issue for this. Thanks for the guidance

Related to but not the exact problem described by jen4web:

I'm using DreamHost shared hosting, with PHP 7.0.14 and Joomla! 3.7.2. Neither finfo_open nor mime_content_type are enabled by default. After editing a phprc to enable fileinfo as described in DreamHost's knowledgebase, PDF upload succeeds. But attempting to upload mp3 files fail with "Error - Illegal mime type detected: application/octet-stream" or "Error - Illegal mime type detected: audio/mpeg." A simple workaround is to add these types to Legal MIME Types or perhaps set Check MIME Types to No in com_media options. I'm not sure what (if any) security this implicates. This topic on Stack Overflow may help other Joomla users make sense of the seemingly inconsistent errors when uploading mp3s: why some mp3s on mime_content_type return application/octet-stream.

" A simple workaround is to add these types to Legal MIME Types

that is not a workaround that is the expected behaviour

How did you got the octet-stream error message? What exact steps do you took?

Work for me to upload PDF file from Media Manager. I use PHP 7.0.11. Just enable extension = fileinfo.so in php.ini

PHP 5.5.3 Joomla 3.7.2 Failing to upload pdfs. All has been well all along but moving to 3.7.1 then updating to 3.7.2 has solved nothing.

@lazytocook please get in contact with your hosting and ask about the fileinfo extension to be enabled.

@zero-24, thanks will get in touch with my host and get back to you with results.

I've experienced this issue on multiple sites on both 3.7.1 and 3.7.2 running both PHP 5.6 and 7.

@dstncz have this comment (and following) helped?

My host (siteground) is telling me fileinfo support is enabled
version 1.0.5
libmagic 517

Still having the issue.

I have just boarded to my plane. When i'm landed i can prepare you a detection script on what is working or not.
Until that please double check the fileinfo extension using the PHP info file. Thanks

@dstncz I just checked on my siteground account with php 7.0 and had no problem at all

if (function_exists('mime_content_type'))
{
	echo 'We use mime magic.';
}
elseif (function_exists('finfo_open'))
{
	echo 'We use fileinfo';
}
else
{
	echo 'mime magic & fileinfo is not enabled';
}
exit;

Please add this to the top of your template index php file (you can use the backend template editor). And show us the result. Thanks.

for reference I got "we use mime magic" on my SG account

fileinfo

fileinfo support enabled
version 1.0.5
libmagic 522

Says "we use mime magic"

SiteGround support also got back to me. They are adamant that it is a 3rd party extension causing the issue. We set up a clean Joomla install on the same container and pdfs upload fine.

thanks for the feedback ?

@dstncz based on all our tests it does sound like they are correct

I'm having a hard time tracking this down. In addition to our site at SG we are also experiencing this issue with 3 additional sites on a separate container hosted at PowerVPS. One of which has barely any extra extensions (3.7.1 with Akeeba Backup, Brute Force Stop, JCE & Rokcandy).

I've tried disabling all the mentioned extensions and still get the mime error.

Related: I've confirmed that fileinfo is enabled on this container as well with the host.

Thought it might possibly be something with CXS, so fully disabled that. Still getting the error.

Any ideas?

I was able to resolve the issue on both our containers. For the sites running 3.7.1 upgrading to 3.7.2 fixed it. For the SG site, we restored to a backup of 3.7.1 then re-upgraded to 3.7.2.

Joomla 3.7.2 with PHP 7.1.1
Was able to replicate the issue and then solved it by enabling fileinfo.so

Joomla 3.8.0 with PHP 7.0.22 - same for PHP 7.1.7:

Seems like upgrading from Joomla! 3.7.2 to 3.8.0 has reintroduced the Invalid mime type problem.
phpinfo says version 7.0.22 and fileinfo enabled, yet an attempt to upload a PDF via Media Mgr fails with "Illegal or invalid mime type".

/Per

BTW:
"We use mime magic."

Hi, i have similar problem.
Joomla 3.8.2, PHP 5.6 and php 7.0

I have mime, fileinfo, etc...

After trying to upload a PDF in media manager, even with check mime types OFF and PDF in excluded extension, even with application/octet-stream i receive this error:

0 - Invalid controller: name='file', format='html'

I can't upload with Docman too...

systeminfo-2017-11-30T14_47_16+00_00.txt

EDIT: with K2 Media Manager i can upload without any problem!

EDIT 2: If i try to upload with JCE File Browser i receive "The server returned an invalid JSON response."

I think the problem could be alleviated by changing some of the code in the Media Helper canUpload() method, around lines 270 to 283 in libraries/src/Helper/MediaHelper.php in joomla 3.8.

Change:

if ($mime != false)
{
   :	[check MIME type is legal]
}
// We can't detect the mime type so it looks like an invalid file
else
{
	$app->enqueueMessage(\JText::_('JLIB_MEDIA_ERROR_WARNINVALID_MIME'), 'error');
	return false;
}
if (!\JFactory::getUser()->authorise('core.manage', $component))
{
	$app->enqueueMessage(\JText::_('JLIB_MEDIA_ERROR_WARNNOTADMIN'), 'error');
	return false;
}

to

if ($mime != false)
{
   :	[check MIME type is legal]
}
// We can't detect the mime type so it looks like an invalid file
else
{
	if (!\JFactory::getUser()->authorise('core.manage', $component))
	{
		$app->enqueueMessage(\JText::_('JLIB_MEDIA_ERROR_WARNNOTADMIN'), 'error');
		return false;
	}
}

This means that if for some reason the MIME type can't be ascertained, the code checks if the user has Media "core.manage" access before it disallows the upload. So users with sufficient privilege can still do their job, without having to relax the Restrict Uploads setting. (It would also fix this problem).

To my mind, this also fixes another inconsistency when the Restrict Uploads is set. When a user who doesn't have "core.manage" access tries to upload a non-image file – even though the file has a legal MIME type, the upload is still rejected because the user doesn't have "core.manage" privilege. Which doesn't in my opinion fit with the description of the Restrict Uploads setting "Restrict uploads for lower than manager users to just images if Fileinfo or MIME magic isn't installed.", in that it restricts it even if the system can determine the MIME type, and the file passes the legal MIME types check.

Oddly enough, I've looked in many places and could not find answers that worked for me. Found this one below and it worked like a charm. Not sure why though...

Login to your Joomla Backend.
Go to The System Menu and select Global Configuration.
Under the component menus, select Media.
In the Media Section, scroll to Ignored Extensions
Type in the following text:   application/pdf,pdf,txt,text/plain

Try uploading a pdf, that is what fixed it for me.

@zero-24 Can this be closed?

The work-around works, because it is negatively ignored as a media type. Since PDFs play an important role in SoHo site creations, e.g. for ideal communities, PDF as a mime type should be allowed per default. My recommendation would be for the Joomla core team to incorporate a fix into the next Joomla release to allow for PDFs.

Thanks for your recomendation.

PDF has been enabend per default for serveral releases. But for obius reasons we don't overwrite your settings using update ;-)

This is more a issue with your server not beeing able to detect the file extension.

To me it is the expected behavior that if a extension cant bee detected the upload fails (this is the reason i wrote the code this way) but I'm happy to get another opinions. Technical this is a broken server config and well we can implement workarrounds but they will all compromise Security..

In any case the setting "Check MIME Types" is not taken into account, so at least we should provide a fix for that, right?

If the upload is always disallowed if the MIME type can't be determined, then in that case what does the config parameter Restrict Uploads mean? Its tooltip is "Restrict uploads for lower than manager users to just images if Fileinfo or MIME magic isn't installed".

I think there's an inconsistency between the tooltip description of this config parameter and the actual coded functionality, and it would be helpful to fix this.

@zero-24 I don't see Illegal MIME Types setting being utilized. Do you know why?

Yes

On Thu, Mar 15, 2018 at 3:32 PM Quy notifications@github.com wrote:

@zero-24 https://github.com/zero-24 Can this be closed?

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
#16238 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ADwCKYnuL3y03QhLJ8NZl6F65BFnrSglks5tes-2gaJpZM4Nk8b9
.

--
Best Regards,

Everett Alexander

Moxy Mediaworks
http://www.moxymediaworks.com http://moxymediaworks.com

@zero-24 I don't see Illegal MIME Types setting being utilized. Do you know why?

Yes because anything that is not allowed is illegal ;)

Yes because anything that is not allowed is illegal ;)

Then why have Illegal MIME Types setting?

Check MIME Types = Use MIME Magic or Fileinfo to try to verify files. Try disabling this if you get invalid mime type errors.

According to the above description, this setting can be used to disable the invalid mime type errors, but that is not possible since it is performed after getMimeType.

Shouldn't it be something like this?

if ($params->get('check_mime', 1))
{
        $mime = $this->getMimeType();
        ....
}

Perhaps it's best to consider what the options should be, and ensure that the code then matches that. The fact that Fileinfo is now an inherent part of PHP has changed things a bit.

I've documented below what the options tooltips are, and what I believe the functionality is in the code, as a starting point. Worth checking I've got it right!

Restrict Uploads
parameter: restrict_uploads
tooltip: Restrict uploads for lower than manager users to just images if Fileinfo or MIME Magic isn't installed.
code: Restrict uploads for lower than manager users to just images

Check MIME Types
parameter: check_mime
tooltip: Use MIME Magic or Fileinfo to attempt to verify files. Try disabling this if you get invalid mime type errors.
code: Only relevant if Restrict Uploads is set to Yes. If Check MIME Types is Yes then it ensures that the MIME type also is valid (ie in addition to the file extension being valid). This applies for all users, including managers. A valid MIME type is one which is in the list of Legal MIME Types. Even if Check MIME Types is set to No, the system checks that the MIME Type can be determined.

Legal Image Extensions (File Types)
parameter: image_extensions
tooltip: Image extensions (file types) you are allowed to upload (comma separated). These are used to check for valid image headers.
code: Extensions (file types) you are allowed to upload (comma separated). [These don't have to be image extensions].

Ignored Extensions
parameter: ignore_extensions
tooltip: Ignored file extensions for MIME type checking and restricted uploads.
code: File extensions of files which any user will always be allowed to upload.

Legal MIME Types
parameter: upload_mime
tooltip: A comma separated list of legal MIME types to upload.
code: If Restrict Uploads is set to Yes and Check MIME Types is set to yes, then the MIME type is checked against this list, and the upload rejected (for all users, including managers) if the MIME type is not found in the list.

Illegal MIME Types
parameter: upload_mime_illegal
tooltip: A comma separated list of illegal MIME types to upload (blacklist).
code: used in com_attachments AttachmentsHelper::upload_file to block uploads.

In addition there is the question of what should happen if the system can't determine the MIME type. At the moment, this results in an error if Restrict Uploads is set to Yes, regardless of whether Check MIME types option is set to Yes or No.

Restrict Uploads
parameter: restrict_uploads
tooltip: Restrict uploads for lower than manager users to just images if Fileinfo or MIME Magic isn't installed.
code: Restrict uploads for lower than manager users to just images

It should include this condition Fileinfo or MIME Magic isn't installed.

Please test PR #20156 to show/hide settings relating to restrict uploads.

I'm not sure how relevant that condition Fileinfo or MIME Magic isn't installed is any longer.
Looking at this page, MIME magic was removed in PHP 5.3, and Fileinfo is now included in standard PHP.

So I think that this is one reason why these tooltip descriptions would benefit from being updated.

Several people in this thread have mentioned that they are using "mime magic".

To me it is the expected behavior that if a extension cant bee detected the upload fails (this is the reason i wrote the code this way) but I'm happy to get another opinions. Technical this is a broken server config and well we can implement workarrounds but they will all compromise Security..

Can we agree with this and not implement workarounds? Which tooltip to rephrase and to what?

Here are some suggestions as a starter.

Personally I would change some of the field names as well as the tooltips. I find it confusing having one field called Legal Extensions and another called Legal Image Extensions. I think that showing the latter only if Restrict Uploads is Yes will help to some extent.

Suggestions for field name changes:

Legal Image Extensions (File Types) - change to Unrestricted Extensions (File Types)
Legal MIME Types - change to Unrestricted MIME Types.

Suggestions for tooltip descriptions:

Restrict Uploads – If set to Yes, then users who have not got manager access are restricted to only a subset of the Legal Extensions which can be uploaded. They may only upload a file if its extension is in the specified Unrestricted Extensions or (if Check MIME Types is set to Yes) if its MIME type is in the specified Unrestricted MIME Types.

Unrestricted Extensions – If Restrict Uploads is Yes, then this is the list of file extensions which any user may upload.

Unrestricted MIME Types – If Restrict Uploads is Yes, then this is the list of MIME Types which any user may upload.

Set to "closed" on behalf of @Quy by The JTracker Application at issues.joomla.org/joomla-cms/16238

Please test PR #25351