This has come up before and I've followed this answer but no joy.
I'm trying to upload a .docx file to my CI app but it's giving me
The filetype you are attempting to upload is not allowed.
Now, when I vardump the mimetype of the received file by changing line 199 of system/libraries/upload.php to
$this->_file_mime_type($_FILES[$field]); die(var_dump($this->file_type));
I get
application/vnd.openxmlformats-officedocument.wordprocessingml.document;
charset=binary
...and that IS listed in my application/config/mimes.php file as an acceptable mime for docx.
This being the case, what else could be wrong?
It turns out that, somewhere along the CI flow, the mime had morphed from
application/vnd.openxmlformats-officedocument.wordprocessingml.document
to
application/msword
I have no idea at which point, or why, this happened. When I run the following in my CI controller method, I get the former.
$finfo = finfo_open(FILEINFO_MIME);
$mime = finfo_file($finfo, 'path/to/file.docx');
var_dump($mime);
So I've no idea how it changed to the latter along the way.
Needless to say, adding 'application/msword' to the allowed_types area of the upload options (passed to $this->upload->initialize($options)) solves the problem.
I just recently had the same problem and lost all day to solve it, but without success.
I recommend that you do not waste your time and just allow all the files and then do a php function to check if the file is .docx
Related
I recently had a asked a question very similar to this one, however after evaluating that I did not explain it in the best way I have come back once again explaining it in a greater manner.
So, I am creating a system that will gather data from a MySQL database and use a unique id to download a file, however depending on the value of a column within that database called type, this file could be anything from a png file to an xml file. What I am currently doing is trying to download these files WITHOUT any extension.
As an example to maybe make this easier to understand, a file named image.png would be converted to just image and then downloaded.
With this you could rename the file to image.png again on the local machine and view the image.
This may seem very inefficient to most reading this but for my current situation it's all that will work.
How could I remove a files extension and then download it? (in php)
Thank you in advance.
Just use headers to specify response type.
$filepath = '/wherever/the/file/is.png';
$filename = 'new-cool-name';
header('Content-Type: whatever/content-type-is');
header("Content-disposition: attachment;filename=$filename");
readfile($filepath);
This basically sends a response with specified content-type as an attachment and the body of the attachment contains the file contents. If you never sure what's the content type is, then just use application/octet-stream
Usually when you set out to push a file for downloading from a serverside script, you do so by utilizing http headers like https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition
The filename of the downloadable file is specified in that header
Okay so to remove an extention from a file you could do is
$withoutExtion = preg_replace('/\\.[^.\\s]{3,4}$/', '', $youfilename);
...followed by your file download code
Ok, so I'm creating a website that will let users upload csv-files that are to be scanned in to a mySQL-databse. Because I don't want to risk evil people uploading strange files that can mess with my database I'm guessing it's a good idea to check the mime type of the file. From other threads I've understood that the only way to properly do this is by using finfo(). But I don't get it to work. The following code in my uploadfile.php just prints out the temporary file name followed by "hello".
$filename = $_FILES["file"]["temp_name"];
echo $filename;
if (function_exists('finfo_open')&&$mode==0) {
$finfo = finfo_open(FILEINFO_MIME_TYPE);
echo finfo_file($finfo,$filename);
finfo_close($finfo);
echo "hello";
}
So I know that the file has uploaded correctly, I know the function exists, I know that there is no error throughout the if clause. So then why won't it work?
I'm testing this through MAMP, and am thinking that maybe there is some error there? Though it has PHP Version 5.4.4.
I have also tried different versions like:
$mimetype = finfo_file($finfo,$filename);
echo $mimetype;
But nothing works. It never prints any mime type :( What can I do to fix this?
finfo_file can and will return empty string and FALSE if the type is not found.
Problem with mime types here is, you can't trust them either.
I did this before and parsed the files with fgetcsv. Any error there and I discarded the file. This way you can be sure it was valid csv.
When you insert into your database make sure you do the proper escaping or use prepared statements.
Sometimes, when uploading files using <input> tag, I encounter problem where the file extension doesn't match with its mime type defined in application/config/mimes.php. For example when I upload a .doc file, it turns out that its mime type is actually application/octet-stream, not application/msword as expected.
I had this problem sometimes in the past. I did work around by adding application/octet-stream to .doc mime array. But is there a proper way to fix it?
I think the browser have force my file's mime type somehow. Is there any kind of HTTP header or html meta tag to prevent this?
As you can see here this a common problem and the solution you applied is legitimate.
It is not due to problem with codeignitor. It is due to php issue. For instance finfo_file function will return image with extension jpeg as image/png.
So, solution is go to config/mimes.php file and then add corresponding extension.
In case you do not know what is the extension behind the scene php is picking add this code to check.
$finfo = #finfo_open(FILEINFO_MIME);
$mime = #finfo_file($finfo, $_FILES["myname"]['tmp_name']);
$mime will be extension which php finally returns.
I have a file upload, it works great in everything except for firefox, it keeps saying the mimetype isnt supported. This is my code:
if(isset($_POST[submitfile]))
{
$uploadedsong = $_FILES['soup']['tmp_name'];
$mimetype = $_FILES['soup']['type'];
if($mimetype=="audio/mpeg"||$mimetype=="audio/x-mpeg-3"||$mimetype=="audio/mp3"||$mimetype=="audio/x-mpeg"||$mimetype=="audio/x-mp3"||$mimetype=="audio/mpeg3"||$mimetype=="audio/x-mpeg3"||$mimetype=="audio/mpg"||$mimetype=="audio/x-mpg"||$mimetype=="audio/x-mpegaudio")
{
This is allowing uploads for every browser, EXCEPT firefox! extremely frustrating, i dont know why this is happening. Any ideas?
The mime-type for the file-upload is totally informative and not further explicitly (and specifically) binding of what's-o-ever. Don't rely to it.
Firefox is doing nothing wrong here, it's the wrong expectations you've coded into your script - from the PHP ManualDocs:
$_FILES['userfile']['type']
The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted.
So the use of this information is limited, it is not strict.
You should log which mime-type was uploaded, because you can't test against all browser/OS combinations.
Inspecting the file is necessary as well if you want to ensure it follows the convention of a mp3 file. Next to fileinfoDocs (which is for all files), there is php-reader and Zend_Mimme_Magic and a lot of other mp3 files related libraries.
Try using this to get the mime type
$file_info = new finfo(FILEINFO_MIME);
$mime_type = $file_info->file($file);
Simple question. Is there a way to only allow txt files upon uploading? I've looked around and all I find is text/php, which allows PHP.
$uploaded_type=="text/php
When you upload a file with PHP its stored in the $_FILES array. Within this there is a key called "type" which has the mime type of the file EG $_FILES['file']['type']
So to check it is a txt file you do
if($_FILES['file']['type'] == 'text/plain'){
//Do stuff with it.
}
It's explained very well here. Also, don't rely on file extentions it's very unreliable.
Simply put: there's no way. Browsers don't consistently support type limiters on file upload fields (AFAIK that was planned or even is integrated into the HTML standard, but barely implemented at best). Both the file extension and mime-type information are user supplied and hence can't be trusted.
You can really only try to parse the file and see if it validates to whatever format you expect, that's the only reliable way. What you need to be careful with are buffer overflows and the like caused by maliciously malformed files. If all you want are text files, that's probably not such a big deal though.
You could check the mime type of the uploading file. In codeIgniter, this code is used in the upload library:
$this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
The variable $this->file_type then used to check the upload configuration, to see if the uploaded file is in allowed type or not. You can see the complete code in the CodeIgniter upload library file.
You need to check the file extension of the uploaded file.
There is Pear HttpUpload, it supports this.