I have local access to files, which I need to get their MIME types. Working in WAMP/LAMP, CodeIgniter, and Zend libraries. What's the best way to get MIME type information?
There's no easy way. You could try:
http://www.php.net/manual/en/function.finfo-file.php
// return mime type ala mimetype extension
$finfo = finfo_open(FILEINFO_MIME_TYPE);
Of course, this assumes you can install PECL extensions.
I think you need head. Quickest way is to do a head request, or in PHP under apache you can use apache_lookup_uri or in PHP 5.3 you can use FileInfo (I'd still recommend apache_lookup_uri or a simple head request though).
Its never a good idea to try and find the mime type based on the file extension, as this can obviously be renamed by the used whos uploading - from .exe to .jpg
Real mime type detection is part of your overall security measures.
Parse your Apache's mime.types file.
Try CI's built in function "get_mime_by_extension($file)". You can find it in the "system/helpers/file_helper.php" file
Related
We have a PHP 7.4 code were we upload video files.
All MP4 are seen as MIME=video/mp4.
However in rare occasions and mp4 file is detected by PHP as video/quicktime which we do not allow.
the HTTP Post says it is a video/mp4.
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $file['file']['tmp_name']);
finfo_close($finfo);
Why would mime change if extension is the same? is php looking inside the file for video format?
The function you are using is examining the contents of the file rather than the file name to determine what the apropriate MIME type is.
From the Fileinfo extension documentation where the finfo_* family of functions comes from:
The functions in this module try to guess the content type and encoding of a file by looking for certain magic byte sequences at specific positions within the file. While this is not a bullet proof approach the heuristics used do a very good job.
The rare instances you are encountering are likely the result of someone saving or renaming a QuickTime file with the wrong extension.
According to Laravel's documentation you may get a file extension using the extension() method from the UploadedFile class, but how accurate it is?
From documentation:
The extension method will attempt to guess the file's extension based
on its contents. This extension may be different from the extension
that was supplied by the client:
So, what I understand the method is not 100% accurate, but why?, can someone please explain.
You can't always rely on the extension of a file. I can take any image file, and change the extension to .docx. But trying to find the original extension of the file is not that easy.
Most files have a header which depict the type and I think that is what's being used here. But not all files have this. So there is no way of getting the type of any file for sure.
Update: Laravel uses the guessExtension method from Symfony to do this. This method works based on the mime type of a file, which is not always present. And when no mime type is found, Symfony guesses the mime type based on the file's meta data.
I guess I want to ultimately build out a script that will force the browser in a sense to prompt for a download rather than go directly to the file and I want to do it based off of db entries so its obfuscated just that little bit more. My problem is I can only find a mime type or 2 to work with but I want a fair shares worth. From doc to pdf, to mp3 to avi.. My script is going to run based off extensions of files and then output the proper header just need to know what header to put out with what type of file. Is there a common list of file types known to stream or open within a browser by default that I can just go by?
File extensions are not exactly the most reliable way to determine the file type. You might be interested in doing some MIME guessing. If you app is hosted in Linux, you can benefit from the file command line tool with the -i option:
// Use escapeshellarg() to inject arbitrary file paths
$content_type = `file -i /path/to/file`;
Otherwise, PHP has a PECL extension called Fileinfo.
If you want to stick to file extensions, media types are approved by the IANA.
Update: Fileinfo is a native extension since PHP/5.3.0 (thus no need to install a third-party app). Usage example:
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime_type = finfo_file($finfo, '/path/to/file');
finfo_close($finfo);
Too long for a comment. So I put it as an answer.
Testing MIME type support
Firebug can be used to check what headers Apache returns for different
image and movie types. To do this, simply attempt to load the desired
file in HTML. Open Firebug and go to "Net" -> "Headers" -> "Response
Headers". Content-type should appear there. If Apache does not
recognize the image/movie then it will likely be returned as
"text/plain". If Apache does recognize the resource then you should
see the correct MIME type, e.g. "video/webm". Note that if you see
"304 Not Modified" next to the request status, then the resource is
being pulled from cache and the HTTP headers may not reflect any
changes you have made to Apache's configuration. You can use "Control
+ F5" to force Firefox to re-fetch all cached items.
From the hint above, you can test content type response from web server by parsing server response. If text/plain is returned, that means the MIME is not supported.
I'm trying to allow safe upload of web fonts in our application, by checking against mime types. This works for most types of files we allow, but it's a problem for web fonts.
We check the mime-type by using PHP's http://php.net/manual/en/book.fileinfo.php
The problem is that php will detect all web fonts as mime "application/octet-stream", but allowing that, would allow .exe or many other possibly dangerous file uploads.
What is the best way to handle upload of this kind of files?
Find a magic file that contains info about the font formats, and pass that to finfo_open().
I don't rely on mime checkers built in the PHP. I always have problems with them. If your running linux, use the PHP's exec command to execute mimetype command in bash and return it to PHP.
U should use phpinfo to check extension, mime type can be fake, and U can get .php file with mime type of a pdf.
EDIT
$file = "abc.ttf";
if(in_array(strtolower(pathinfo(file, PATHINFO_EXTENSION)), array("ttf")))
{
// OK
}
u can add more extensions to array
If TTF files are the only ones allowed to be uploaded, use this:
http://www.phpkode.com/scripts/item/ttf-info-plus/
I read that for images, it's not safe to depend on the file extension and that it's better to try to open the php with an image library like gd to verify its extension.
What about other types of files? If I have a .doc or .pdf or any other file type, how can I really tell the file type is really what it claims it is?
If you are on a *nix system the file command does a pretty good job at guessing mime type. It is not perfect, and fails on 'nested' types like .tar.gz but it is pretty good.
As i understand it Fileinfo uses the same magic numbers approach as file without needing to go to the shell...
I don't know if it works for any file type, but you can check mime type using mime_content_type or filetype.