Don't trust the browser-provided mimetype if it looks bogus.

Review Request #6118 — Created July 19, 2014 and submitted

Information

Review Board
release-2.0.x
d1d8ec2...

Reviewers

A user was reporting that their PDF file uploads were being assigned the
mimetype of "text/text/application/pdf", which is completely bogus. If
splitting on '/' produces anything other than a list of two strings, don't
allow it to proceed.

Ran unit tests.

Description From Last Updated

Shouldn't this be blah.split('/') != 2, instead of using not .. ==?

chipx86chipx86

Can we add a comment above this conditional talking about this, and referencing the bug? It's obscure enough that I …

chipx86chipx86
reviewbot
  1. Tool: PEP8 Style Checker
    Processed Files:
        reviewboard/attachments/forms.py
    
    
    
    Tool: Pyflakes
    Processed Files:
        reviewboard/attachments/forms.py
    
    
  2. 
      
chipx86
  1. 
      
  2. reviewboard/attachments/forms.py (Diff revision 1)
     
     
    Show all issues

    Shouldn't this be blah.split('/') != 2, instead of using not .. ==?

  3. 
      
david
reviewbot
  1. Tool: PEP8 Style Checker
    Processed Files:
        reviewboard/attachments/forms.py
    
    
    
    Tool: Pyflakes
    Processed Files:
        reviewboard/attachments/forms.py
    
    
  2. 
      
chipx86
  1. 
      
  2. reviewboard/attachments/forms.py (Diff revision 2)
     
     
    Show all issues

    Can we add a comment above this conditional talking about this, and referencing the bug? It's obscure enough that I think it's worth calling out.

    (I'm still a bit skeptical that browsers would be sending such a broken mimetype, but it doesn't hurt to have this I suppose.)

  3. 
      
david
reviewbot
  1. Tool: PEP8 Style Checker
    Processed Files:
        reviewboard/attachments/forms.py
    
    
    
    Tool: Pyflakes
    Processed Files:
        reviewboard/attachments/forms.py
    
    
  2. 
      
chipx86
  1. Ship It!

  2. 
      
david
Review request changed
Status:
Completed
Change Summary:
Pushed to release-2.0.x (928eb49)