Deprecation: #88238 - Allowed MIME types of FileUpload and ImageUpload¶
See forge#88238
Description¶
The predefined allowedMimeTypes
of the FileUpload
and ImageUpload
form elements are deprecated and should not be relied on any longer. These will be removed in TYPO3v11.
The "form" extension setup did contain some predefined MIME types for the elements FileUpload
and ImageUpload
:
TYPO3:
CMS:
Form:
prototypes:
standard:
formElementsDefinition:
FileUpload:
properties:
allowedMIMETypes: ['application/msword', 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'application/vnd.oasis.opendocument.text', 'application/pdf']
ImageUpload:
properties:
allowedMIMETypes: ['image/jpeg', 'image/png', 'image/bmp']
Predefined values like this are used as starting values while the form element is created and later on, values from the form definition are merged.
Thus, a form definition like this:
type: Form
identifier: test-1
label: test
prototypeName: standard
renderables:
-
type: Page
identifier: page-1
label: Step
renderables:
-
type: FileUpload
identifier: fileupload-1
label: 'File upload'
properties:
saveToFileMount: '1:/user_upload/'
allowedMIMETypes:
- application/pdf
... resulted in a final form element definition like this:
type: FileUpload
identifier: fileupload-1
label: 'File upload'
properties:
saveToFileMount: '1:/user_upload/'
allowedMIMETypes:
- application/msword
- application/vnd.openxmlformats-officedocument.wordprocessingml.document
- application/vnd.oasis.opendocument.text
- application/pdf
The expected behavior was that only files of type application/pdf
are accepted, but actually all preconfigured MIME types within the ext:form setup were also valid.
To make the MIME type validation of FileUpload
and ImageUpload
more strict, the preconfigured MIME types have been deprecated and will be removed in TYPO3v11.
Impact¶
The predefined MIME types will be removed in version 11. In version 10 the feature toggle form.legacyUploadMimeTypes
can be disabled to enforce the new behavior.
Affected Installations¶
Instances which use the "form" extension with FileUpload
or ImageUpload
form elements.
Migration¶
Explicitly list all valid MIME types in allowedMimeTypes
within your form definition. Afterwards disable the form.legacyUploadMimeTypes
feature flag.