Reply to Re: Uploads and mime type

Your name:

Reply:


Posted by C. on 11/21/07 12:58

On 15 Nov, 14:52, Mad Hatter <co...@class31.co.uk> wrote:
> Hi folks
>
> I'm a bit confused with an upload script that I've written. I want to be
> able to check the file type of an upload by checking the mime type but I'm
> not getting the results that I thought I should. According to what I've
> read .zip files should return something like 'application/zip' or
> 'application/x-zip-compressed', RAR should return
> 'application/x-rar-compressed' but both return 'application/octet-stream'.
> I'm getting the results that I expected when checking .jpg, .png of .gif
> files.
>
> I'm checking the mime type using $_FILES['userfile']['type']
>
> Anyone throw some light on this for me?

Yes - don't bother. You are making assumptions about how the client is
configured which will probably lead to vulnerabilities in your code
(unless you control all the clients - in which case its simply a
matter of setting the file extension to mime type mapping correctly).

While on most proper systems the 'file' command is available to find
the type of a file, its advisable to also filter the content through a
type conversion utility (like imagemagick, ffmpeg or wv).

C.

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация