According to Laravel's documentation you may get a file extension using the extension() method from the UploadedFile class, but how accurate it is?
From documentation:
The extension method will attempt to guess the file's extension based
on its contents. This extension may be different from the extension
that was supplied by the client:
So, what I understand the method is not 100% accurate, but why?, can someone please explain.
You can't always rely on the extension of a file. I can take any image file, and change the extension to .docx. But trying to find the original extension of the file is not that easy.
Most files have a header which depict the type and I think that is what's being used here. But not all files have this. So there is no way of getting the type of any file for sure.
Update: Laravel uses the guessExtension method from Symfony to do this. This method works based on the mime type of a file, which is not always present. And when no mime type is found, Symfony guesses the mime type based on the file's meta data.
Related
I'm trying to upload .cert files using a form.
I did set the validation for the input like this :
'cert'=>'required|mimes:cert',
I'm getting an error when I'm uploading .cert file that the file is not valid.
so I read that the issue is related to the browser mimes Types.
any idea how i can make this work?
Considering you are using the latest version of laravel. I think you need to replace mime cert with cer or ca. Please see the image below.
Reference links:
https://laravel.com/docs/5.8/validation
https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
I have searched everywhere for an answer to this but cannot seem to find one.
I am trying to validate an XML file against an XSD file. I have so far written this.
$x_validate = new DOMDocument();
$x_validate->load($xml_path);
$x_validate->schemaValidate($xsd_path);
At first the paths were set to a remote location. I then realised that these remote files require authentication to be seen. So to avoid this I downloaded the files into my directory so the paths were like the following.
$xml_path = "./test-v1.xml";
$xsd_path = "./test-v1.xsd";
The only problem with this is that it didn't work and I got some errors. One of them being this. I blanked out the URL for security purposes.
Warning: DOMDocument::schemaValidate() [domdocument.schemavalidate]: Element '{http://www.w3.org/2001/XMLSchema}include': Failed to load the document 'https://****' for inclusion. in C:\Xampp\htdocs\cdes\xml-validation\run-validation.php on line 15
So because of this error I am back to my original remote referencing of the URL.
Can someone please point me in the right direction to send the authentication username and password to the XSD and XML file before validating the schema?
Thank you.
You should download the files to your local harddisk including those that are referenced via the includes and then use a so called Catalog to automatically use the local files instead of the URIs.
This will also greatly improve validation speeds. I have this exemplary outlined in a different Q&A material:
Speeding up XML schema validations of a batch of XML files against the same XML schema (XSD)
For the authentication problems you write about with the error information you have provided it's not entirely clear what exactly causes this and how to solve it (apart from using the catalog). When you're able to download the files with your browser, go for the local copies. Most often you can download a set of XSD files as well in a zip package or similar.
If you can't manage to download, then you would need to troubleshoot the HTTP connection(s) which requires you to either trace the requests with a network sniffer or you inject your own handling with the external loader callback (see libxml_set_external_entity_loader()) which is available with PHP 5.4 and also you can inject callback into the stream via libxml_set_streams_context() and notifications on stream_notification_callback().
TLDR: Go for catalogs.
Not sure if that's supported by the DOMDocument class, but you can normally add authentication data to a URL in this format:
http://username:password#cooldomain.com/bla.xsd
Have you tried adding that to the XSDs path?
I read that for images, it's not safe to depend on the file extension and that it's better to try to open the php with an image library like gd to verify its extension.
What about other types of files? If I have a .doc or .pdf or any other file type, how can I really tell the file type is really what it claims it is?
If you are on a *nix system the file command does a pretty good job at guessing mime type. It is not perfect, and fails on 'nested' types like .tar.gz but it is pretty good.
As i understand it Fileinfo uses the same magic numbers approach as file without needing to go to the shell...
I don't know if it works for any file type, but you can check mime type using mime_content_type or filetype.
I have local access to files, which I need to get their MIME types. Working in WAMP/LAMP, CodeIgniter, and Zend libraries. What's the best way to get MIME type information?
There's no easy way. You could try:
http://www.php.net/manual/en/function.finfo-file.php
// return mime type ala mimetype extension
$finfo = finfo_open(FILEINFO_MIME_TYPE);
Of course, this assumes you can install PECL extensions.
I think you need head. Quickest way is to do a head request, or in PHP under apache you can use apache_lookup_uri or in PHP 5.3 you can use FileInfo (I'd still recommend apache_lookup_uri or a simple head request though).
Its never a good idea to try and find the mime type based on the file extension, as this can obviously be renamed by the used whos uploading - from .exe to .jpg
Real mime type detection is part of your overall security measures.
Parse your Apache's mime.types file.
Try CI's built in function "get_mime_by_extension($file)". You can find it in the "system/helpers/file_helper.php" file
I am using xampplite1.7.2 which using PHP5.3.0 I am trying to find the file MIME type. But its giving me error:
Call to undefined function
finfo_open()
I read the PHP Manual its says that this function support in PHP 5.3 and as i mention that i am using xampplite1.7.2 which using PHP5.3 then why this error occur. I also used
$_FILES['image']['type']
Which is showing me the type correctly. I am very confuse that many people i found told different ways to get MIME-TYPE by using Fileinfo and getimagesize() but none refers to $_FILES['image']['type'].
What is the difference in all these functions.
Actually i created doc file and then i changed it to JPG by changing its extension. My problem is that when i check the MIME type by using $_FILES['image']['type'] Its showing me image/jpeg is this showing the correct MIME_type and if i use other methods will they show me the correct type of this file which is a .doc file. Because i need to find a way to get the correct type of this file which was .doc.
What are the ways to find solve this issue because i am keep trying to solve this issue sine last 24 hours but it seems very difficult to find MIME-type in PHP. i am not very exercised in working with PHP. SO please someone help me to solve this problem.
Actually i want to find that the given file is a valid image file or not.
Thanks
The fileinfo.so PHP extension may not be enabled by default (it's not in WampServer 2). Check your xampplite config for enabled PHP extensions, enable it if it's not and restart the web server.