Deprecation: #88238 - Allowed MIME types of FileUpload and ImageUpload¶
See forge#88238
Description¶
The predefined allowed
of the File
and Image
form elements are deprecated and should not be relied on any longer. These will be removed in TYPO3v11.
The "form" extension setup did contain some predefined MIME types for the elements File
and Image
:
TYPO3:
CMS:
Form:
prototypes:
standard:
formElementsDefinition:
FileUpload:
properties:
allowedMIMETypes: ['application/msword', 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'application/vnd.oasis.opendocument.text', 'application/pdf']
ImageUpload:
properties:
allowedMIMETypes: ['image/jpeg', 'image/png', 'image/bmp']
Predefined values like this are used as starting values while the form element is created and later on, values from the form definition are merged.
Thus, a form definition like this:
type: Form
identifier: test-1
label: test
prototypeName: standard
renderables:
-
type: Page
identifier: page-1
label: Step
renderables:
-
type: FileUpload
identifier: fileupload-1
label: 'File upload'
properties:
saveToFileMount: '1:/user_upload/'
allowedMIMETypes:
- application/pdf
... resulted in a final form element definition like this:
type: FileUpload
identifier: fileupload-1
label: 'File upload'
properties:
saveToFileMount: '1:/user_upload/'
allowedMIMETypes:
- application/msword
- application/vnd.openxmlformats-officedocument.wordprocessingml.document
- application/vnd.oasis.opendocument.text
- application/pdf
The expected behavior was that only files of type application/
are accepted, but actually all preconfigured MIME types within the ext:form setup were also valid.
To make the MIME type validation of File
and Image
more strict, the preconfigured MIME types have been deprecated and will be removed in TYPO3v11.
Impact¶
The predefined MIME types will be removed in version 11. In version 10 the feature toggle form.
can be disabled to enforce the new behavior.
Affected Installations¶
Instances which use the "form" extension with File
or Image
form elements.
Migration¶
Explicitly list all valid MIME types in allowed
within your form definition. Afterwards disable the form.
feature flag.