Deprecation: #88238 - Allowed MIME types of FileUpload and ImageUpload¶
See Issue #88238
allowedMimeTypes of the
ImageUpload form elements are deprecated and should not be relied on any longer. These will be removed in TYPO3v11.
The “form” extension setup did contain some predefined MIME types for the elements
TYPO3: CMS: Form: prototypes: standard: formElementsDefinition: FileUpload: properties: allowedMIMETypes: ['application/msword', 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'application/vnd.oasis.opendocument.text', 'application/pdf'] ImageUpload: properties: allowedMIMETypes: ['image/jpeg', 'image/png', 'image/bmp']
Predefined values like this are used as starting values while the form element is created and later on, values from the form definition are merged.
Thus, a form definition like this:
type: Form identifier: test-1 label: test prototypeName: standard renderables: - type: Page identifier: page-1 label: Step renderables: - type: FileUpload identifier: fileupload-1 label: 'File upload' properties: saveToFileMount: '1:/user_upload/' allowedMIMETypes: - application/pdf
… resulted in a final form element definition like this:
type: FileUpload identifier: fileupload-1 label: 'File upload' properties: saveToFileMount: '1:/user_upload/' allowedMIMETypes: - application/msword - application/vnd.openxmlformats-officedocument.wordprocessingml.document - application/vnd.oasis.opendocument.text - application/pdf
The expected behavior was that only files of type
application/pdf are accepted, but actually all preconfigured MIME types within the ext:form setup were also valid.
To make the MIME type validation of
ImageUpload more strict, the preconfigured MIME types have been deprecated and will be removed in TYPO3v11.
The predefined MIME types will be removed in version 11. In version 10 the feature toggle
form.legacyUploadMimeTypes can be disabled to enforce the new behavior.
Instances which use the “form” extension with
ImageUpload form elements.
Explicitly list all valid MIME types in
allowedMimeTypes within your form definition. Afterwards disable the
form.legacyUploadMimeTypes feature flag.