old.graham Posted March 16, 2013 Share Posted March 16, 2013 Hi and thanks in advance. I run apache 2.2.22 , php 5.3.10-10 in Ubuntu 12.04. I have been working through the chapter13 Review and Pursue topics . The Pursue 4/5th topics suggest modifying the upload_rtf.php code.I have added code to display the name, type and size of a file that has been offered for uploading. I get some unexpected and inconsistent results for MIME types for an RTF file type and also some other file types. The relevant code is: //indicate it's OK: also print file MIME type echo '<p><em>The ' . finfo_file($fileinfo, $_FILES['upload']['tmp_name']) . ' file would be acceptable.</em></p>'; //print_r($_FILES['upload']) ; //just testing the array echo '<p><em>The file <b>' . $_FILES['upload']['name'] . '</b> is a MIME type ' . $_FILES['upload']['type'] . '. The file size is ' . $_FILES['upload']['size'] . ' bytes.</em></p>'; When the code is executed in the browser (Firefox 17.0.1): An rtf file is given as text/rtf by one line then application/rtf by the next line. A php file is given as text/x-php on the first line then application/x-php by the second line. However, a jpg or gif file is given as image/jpg or image/gif on both lines. I have looked around the 'net for explanations, but haven't found anything that led to an understanding of how this occurs. Can anybody suggest why this should be? Link to comment Share on other sites More sharing options...
Larry Posted March 18, 2013 Share Posted March 18, 2013 The finfo_file() method uses the actual file's magic bytes. The browser does not. The browser uses an internal listing of associations. That's why you're sometimes getting different results for less common file types. Link to comment Share on other sites More sharing options...
old.graham Posted March 18, 2013 Author Share Posted March 18, 2013 Hi Larry, Thank you for your very prompt reply. I take it then that finfo_file() is going to depend on browser variety? Firefox may possibly give different results from IE or Chrome? I guess then that finfo_file() would be the one to use where the file's attributes/MIME type is critical. Gratitude for unravelling that. old.graham Link to comment Share on other sites More sharing options...
Larry Posted March 18, 2013 Share Posted March 18, 2013 Almost got it: finfo_file() is browser independent. It uses the file data itself, and should always be reliable. The MIME types from the browsers can be unreliable, and can be hacked by malicious users. Link to comment Share on other sites More sharing options...
Recommended Posts