Jump to content
Larry Ullman's Book Forums

Recommended Posts

Hi and thanks in advance.

I run apache 2.2.22 , php 5.3.10-10 in Ubuntu 12.04.

I have been working through the chapter13 Review and Pursue topics . The Pursue 4/5th topics suggest modifying the upload_rtf.php code.
I have added code to display the name, type and size of a file that has been offered for uploading.

I get some unexpected and inconsistent results for MIME types for an RTF file type and also some other file types. The relevant code is:

 

//indicate it's OK: also print file MIME type
            echo '<p><em>The ' . finfo_file($fileinfo, $_FILES['upload']['tmp_name']) . ' file would be acceptable.</em></p>';
            //print_r($_FILES['upload']) ; //just testing the array
            echo '<p><em>The file <b>' . $_FILES['upload']['name'] . '</b> is a MIME type ' . $_FILES['upload']['type'] . '. The file size is ' . $_FILES['upload']['size'] . ' bytes.</em></p>';

When the code is executed in the browser (Firefox 17.0.1):

  • An rtf file is given as text/rtf by one line then application/rtf by the next line.
  • A php file is given as text/x-php on the first line then application/x-php by the second line.
  • However, a jpg or gif file is given as image/jpg or image/gif on both lines.

I have looked around the 'net for explanations, but haven't found anything that led to an understanding of how this occurs.

Can anybody suggest why this should be?

Link to post
Share on other sites

The finfo_file() method uses the actual file's magic bytes. The browser does not. The browser uses an internal listing of associations. That's why you're sometimes getting different results for less common file types.

Link to post
Share on other sites

Hi Larry,

Thank you for your very prompt reply.

I take it then that finfo_file() is going to depend on browser variety? Firefox may possibly give different results from IE or Chrome?

I guess then that finfo_file() would be the one to use where the file's attributes/MIME type is critical.

Gratitude for unravelling that.

old.graham

Link to post
Share on other sites

Almost got it: finfo_file() is browser independent. It uses the file data itself, and should always be reliable. The MIME types from the browsers can be unreliable, and can be hacked by malicious users. 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...