From ce5b9953c8d4e46cee0009739d61016edd59782e Mon Sep 17 00:00:00 2001
From: Tim Otten
Date: Wed, 8 May 2019 16:41:55 -0700
Subject: [PATCH] civicrm/file - Be forgiving about old image hyperlinks

Previous versions of Civi sometimes generated URLs for contact-images with incorrect `&mime-type` values: http://dmaster.bknix:8001/civicrm/file?reset=1&filename=Hello_cca4153cb14beab37c68ab7f07162425.jpg&mime-type=image/jpg The recent security update will generate an error if the mime-type is incorrect, so this patch relaxes it to allow the old links to continue working.
---
 CRM/Core/Page/File.php | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/CRM/Core/Page/File.php b/CRM/Core/Page/File.php
index e32f90f79f..c1f6cd10bf 100644
--- a/CRM/Core/Page/File.php
+++ b/CRM/Core/Page/File.php
@@ -74,7 +74,7 @@ class CRM_Core_Page_File extends CRM_Core_Page {
 }
 if (empty($mimeType)) {
- $passedInMimeType = CRM_Utils_Request::retrieveValue('mime-type', 'String', $mimeType, FALSE);
+ $passedInMimeType = self::convertBadMimeAliasTypes(CRM_Utils_Request::retrieveValue('mime-type', 'String', $mimeType, FALSE));
 if (!in_array($passedInMimeType, explode(',', Civi::settings()->get('requestableMimeTypes')))) {
 throw new CRM_Core_Exception("Supplied mime-type is not accepted");
 }
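Review bot: The allow-list test that the normalised value feeds, `in_array($passedInMimeType, explode(',', ...))`, compares loosely and against untrimmed list entries. When `mime-type` is absent, `retrieveValue()` hands back the empty default, the new helper passes it through unchanged, and a loose comparison lets that empty value match the empty element that `explode()` yields for an empty setting; a setting written as `image/jpeg, image/png` would likewise never match its second entry. A stricter form would be `if (!is_string($passedInMimeType) || !in_array($passedInMimeType, array_map('trim', explode(',', Civi::settings()->get('requestableMimeTypes'))), TRUE)) {`. The enclosing method starts and ends outside the hunk, so how the accepted value is used afterwards cannot be confirmed from here.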
@@ -114,4 +114,33 @@ class CRM_Core_Page_File extends CRM_Core_Page {
 }
 }
+ /**
+ * Translate one mime type to another.
+ *
+ * Certain non-standard/weird MIME types have been common. Unfortunately, because
+ * of the way this controller is used, the weird types may baked-into URLs.
+ * We clean these up for compatibility.
+ *
+ * @param string $type
+ * Ex: 'image/jpg'
+ * @return string
+ * Ex: 'image/jpeg'.
+ */
+ protected static function convertBadMimeAliasTypes($type) {
+ $badTypes = [
+ // Before PNG format was ubiquitous, it was image/x-png?
+ 'image/x-png' => 'image/png',
+
+ // People see "image/gif" and "image/png" and wrongly guess "image/jpg"?
+ 'image/jpg' => 'image/jpeg',
+ 'image/tif' => 'image/tiff',
+ 'image/svg' => 'image/svg+xml',
+
+ // StackExchange attributes "pjpeg" to some quirk in an old version of IE?
+ 'image/pjpeg' => 'image/jpeg',
+
+ ];
+ return isset($badTypes[$type]) ? $badTypes[$type] : $type;
+ }
+
 }
--
2.25.1
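Review bot: The docblock on `convertBadMimeAliasTypes()` should state that the function only normalises and does no validation, because every entry added to `$badTypes` widens the set of request values that can pass the caller's allow-list check. I would add `* This is not a validation step: the result must still be checked against the requestableMimeTypes setting.` Above the `'image/svg' => 'image/svg+xml'` entry I would add `// SVG can carry script; only acceptable because the caller still gates on the allow-list.` The parameter is better documented as `@param string|null $type`, since the caller passes through the empty default when `mime-type` is absent. "may baked-into URLs" should read "may be baked into URLs".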