PHP Language - Uploads and mime type

Author

Uploads and mime type

Mad Hatter

2007-11-15, 7:26 pm

Hi folks

I'm a bit

with an upload script that I've written. I want to be
able to check the file type of an upload by checking the mime type but I'm
not getting the results that I thought I should. According to what I've
read .zip files should return something like 'application/zip' or
'application/x-zip-compressed', RAR should return
'application/x-rar-compressed' but both return 'application/octet-stream'.
I'm getting the results that I expected when checking .jpg, .png of .gif
files.

I'm checking the mime type using $_FILES['userfile']['type']

Anyone throw some light on this for me?

2007-11-21, 7:59 am

On 15 Nov, 14:52, Mad Hatter <co...@class31.co.uk> wrote:
> Hi folks
>
> I'm a bit

with an upload script that I've written. I want to be
> able to check the file type of an upload by checking the mime type but I'm
> not getting the results that I thought I should. According to what I've
> read .zip files should return something like 'application/zip' or
> 'application/x-zip-compressed', RAR should return
> 'application/x-rar-compressed' but both return 'application/octet-stream'.
> I'm getting the results that I expected when checking .jpg, .png of .gif
> files.
>
> I'm checking the mime type using $_FILES['userfile']['type']
>
> Anyone throw some light on this for me?

Yes - don't bother. You are making assumptions about how the client is
configured which will probably lead to vulnerabilities in your code
(unless you control all the clients - in which case its simply a
matter of setting the file extension to mime type mapping correctly).

While on most proper systems the 'file' command is available to find
the type of a file, its advisable to also filter the content through a
type conversion utility (like imagemagick, ffmpeg or wv).

C.

Sponsored Links