Expand my Community achievements bar.

How to check the MIME Type before uploading?

Avatar

Level 3

Hi,

     I've a scenario for security check. When i'm submitting the file to dam, the content type for pdf, docx,doc is "application/pdf", "application/vnd.openxmlformats-officedocument.wordprocessingml.document","application/msword".

I've created a config file for this and whenever i upload a file i'll check for MIME_Type and then i upload.

Code:-

private String[] multiString;

private static final Logger LOG = LoggerFactory.getLogger(PODServlet.class);

@Property(value={"application/pdf", "application/vnd.openxmlformats-officedocument.wordprocessingml.document","application/msword"}, unbounded = PropertyUnbounded.ARRAY, label = "MIME TYPE", cardinality = 50, description = "Multi field config for MIME Type")

private static final String KEY_MULTI_FIELD_PODSERVLET = "PODServlet.MIMEType";

@Activate protected void activate(@SuppressWarnings("rawtypes") final Map context) { 

    this.multiString = PropertiesUtil.toStringArray(context.get(KEY_MULTI_FIELD_PODSERVLET));  

    LOG.info("multiString----------@Ativate----------------->"+multiString);

    

....................

resolver = resolverFactory.getAdministrativeResourceResolver(null);

  Session session = (Session) resolver.adaptTo(Session.class);

  AssetManager assetManager = (AssetManager) resolver.adaptTo(AssetManager.class);

  Asset asset = assetManager.getAssetForBinary(DamUtil.assetToBinaryPath(assetPath));

  String mimeType = this.mimeTypeService.getMimeType(fileName);

  for(int i=0;i<multiString.length;i++){

  if(StringUtils.equals(mimeType, multiString[i]))

  {

  asset = assetManager.createAsset(assetPath, file1, mimeType, true);

  Resource metadataRes = asset.adaptTo(Resource.class).getChild("jcr:content/metadata");

  ModifiableValueMap map = metadataRes.adaptTo(ModifiableValueMap.class);

  map.put("dc:podname", podname);

  map.put("dc:actualDeliveryDate", actualDeliveryDate);

  metadataRes.getResourceResolver().commit();

  }

  }

but when the check for security purpose , its stopping for .pdf and .docx, like it will upload the file but when tried to open it will throw an error message. but this is not happening for .doc file extension.

How can this be resolved ? Or is any other way to check for MIME_Type when third party user try to interrupt the content type and throw an error message ?

Regards,

Nandhini M

6 Replies

Avatar

Level 10

Doesn;t this line of code return the MIME type?

tring mimeType = this.mimeTypeService.getMimeType(fileName);

Avatar

Community Advisor

Hi Nandhini

           @Property(value={"application/pdf", "application/vnd.openxmlformats-officedocument.wordprocessingml.document","application/ms word"},

               Is there a space in ms word ? I assume it should be application/msword. Please check if this minor issue is causing problem?

1226742_pastedImage_4.png

Thanks

Veena

Avatar

Level 9

Hi Nandhini,

You can find using api posted by others. Additionally some times asset might not have type set due to bug in cc app.   You need to have additional custom logic to guess based on file extension.

Thanks,

Avatar

Level 9

Hi,

Not sure about the real problem and get confuse with multiple questions.

  • Are you trying to determine mine-type of uploaded assets?
  • Or Do you get error message while open uploaded dam assets?

let us know what is the real problem?

Regards,

Jitendra

Avatar

Level 3

Hi,

I need to check the MIME_TYPE of the uploaded file. It should accept only 'pdf', 'docx' & 'doc'. From security purpose , through third party tools the CONTENT_TYPE(MIME_TYPE) is being changed and the request is forwarded, So the scenario will be like when i upload a file of type "application/pdf " and using thrid party tools I'm changing it to "image/png" so, in the sever side , this MIME_TYPE should not accept and reject it.

How can this be done in CQ

Thanks !