Tickets :: [#2052] Reject bogus MIME types for attachments

Summary	Reject bogus MIME types for attachments
Queue	IMP
Queue Version	HEAD
Type	Enhancement
State	Rejected
Priority	1. Low
Owners
Requester	chuck (at) horde (dot) org
Created	05/31/2005 (7361 days ago)
Due
Updated	10/25/2005 (7214 days ago)
Assigned
Resolved	10/25/2005 (7214 days ago)
Milestone
Patch	No

10/25/2005 09:43:20 PM	Chuck Hagenbuch	Comment #3 State ⇒ Rejected	Reply to this comment
I obviously has _something_ in mind when I created this, but I have no idea what it was. Maybe XSS exploits through Content-type headers? Still. Doesn't seem reasonable now.

10/24/2005 12:46:27 PM	Jan Schneider	Comment #2	Reply to this comment
And how do we determine what a bogus mime type is?

05/31/2005 03:36:58 AM	Chuck Hagenbuch	Comment #1 State ⇒ Feedback Priority ⇒ 1. Low Type ⇒ Enhancement Summary ⇒ Reject bogus MIME types for attachments Queue ⇒ IMP	Reply to this comment
If the browser tries to specify a blatantly stupid content-type for an uploaded file, we should say no. How we say no, though, I have no idea. The easiest way is to just refuse, but that's likely to piss people off. I really don't want to go down the content-type sniffing road though.