Validation Failed: Upload File Has an Extension That Does Not Match Its Contents

Validation failed: Upload file has an extension that does not match its contents

The Paperclip spoofing validation checks are failing because the file command is not able to accurately determine the filetype.

In your log content type discovered from file command: . - the blank space before the period is the result of the output - i.e. blank. However the other side of the comparison uses purely the file extension which is being correctly picked up as an excel file. Hence your validation failure.

The current version of Paperclip is using file -b --mime-type to determine the file, however --mime-type is not supported by all implementations. There is a change to use --mime instead but it's not in a milestone yet.

I think you have a some options. Which you choose depends on how concerned you are about some dodgy file being uploaded and being called an excel file. If you are worried about this then try option 1; if you are not worried go for option 2 or 3.

1) Override the spoofing check to use --mime instead of --mime-type.

Override the type_from_file_command in an initializer:

module Paperclip
  class MediaTypeSpoofDetector
    private

    def type_from_file_command
      # -- original code removed --
      # begin
      #   Paperclip.run("file", "-b --mime-type :file", :file => @file.path)
      # rescue Cocaine::CommandLineError
      #   ""
      # end

      # -- new code follows --
      begin
         Paperclip.run("file", "-b --mime :file", :file => @file.path)
      rescue Cocaine::CommandLineError
        ""
      end
    end
  end
end

2) Bypass the file check by setting the file type totally from it's file extension.

Set this Paperclip option somewhere that is read during initialisation of the application (e.g. config/application.rb, config/environments/<environment>.rb or an config/initializers/paperclip.rb):

Paperclip.options[:content_type_mappings] = { xlsx: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' }

3) Disable spoofing altogether.

Override the spoofing check by creating something like this in an initializer:

module Paperclip
  class MediaTypeSpoofDetector
    def spoofed?
      false
    end
  end
end

Update:

The validation you have in your model is not the cause of this problem. This validates which types of files you are allowed to load; what you are seeing is Paperclip calculating that the type of the file is valid but its content do not match the type of the file.

Assuming you can get the spoofing validation to work, there is one anomaly with your content validation. The error message you output says "only XML, EXCEL files are allowed", however your actual validation is checking for MS word and excel files, not xml.

If your message is correct and you do want to allow only xml and excel files you should change the content_type validation to be:

validates_attachment_content_type :upload_file, :content_type => %w(application/xml application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet),
                                                :message => ', Only XML,EXCEL files are allowed. '

how to solve File upload validation problem in yii2

Remove the straight brackets of attribute "extensions"

Instead of:

[['file'], 'file', 'skipOnEmpty' => false,'maxSize'=>1024 * 1024 * 2, 'extensions'=> ['png, jpg,jpeg,gif,pdf']],

You should have this:

[['file'], 'file', 'skipOnEmpty' => false,'maxSize'=>1024 * 1024 * 2, 'extensions'=> 'png, jpg, jpeg, gif, pdf'],

Paperclip validation error on rails

Changed the validation and worked like a charm!

validates_attachment_file_name :attachment, matches: [/\.xls/, /\.xlsx?$/, /\.csv?$/]

---

Related Topics