[Zope] ExtFile - wrong file extension and content_type

Michael Vartanyan pycry at doli.biz
Tue Feb 7 17:27:46 EST 2006


Which version of ExtFile are you using? Which OS? ExtFile has some 
strange hacks to guess the extension it should use. If it is unable to 
determine the content type from the upload, it would set in to 
"application/octet-stream" (which is OK so far), and then pass this 
wrong finding to guess_extension function of mimetypes module chances 
are that it will return .obj as extension. Whatever. But then ExtFile 
does the following:

            mime_ext = guess_extension(content_type or self.content_type)
            if mime_ext is not None:
                if mime_ext in ('.jpeg', '.jpe'):
                    mime_ext = '.jpg'   # for IE/Win :-(
                if mime_ext in ('.obj',):
                    mime_ext = '.exe'   # b/w compatibility
                if REPOSITORY_EXTENSIONS == MIMETYPE_APPEND:
                    id_name = id_name + id_ext
                id_ext = mime_ext

well. I would really like to know what does this "b/w" mean in this 
context? Not black&white for sure :-). The good news is that you can 
simply change this .exe into whatever you like, the name of the 
repository file really doesn't matter and I agree .exe is a scary 
choice, especially if you are using one very popular operating system.

Regards
Michael

P.S. Looks like a warm/backdoor actually ;-) heh, Gregor? ;)


Palermo, Tom wrote:

> All,
>  
> I am working on a project using ExtFile. Lately, when uploading MS 
> Word files, they get uploaded to the file system as .exe files (eg. 
> test.doc becomes test.exe) and the content_type is set to 
> application/octet-stream instead of application/msword. Sometimes the 
> content_tpye is correct but the file extension is still set to .exe. 
> Does anyone know what could be causing this? Is there a config setting 
> in ExtFile that's doing this? Any ideas would be much appreciated.
>  
> Thanks,
> Tom




More information about the Zope mailing list