Test the type yourself. Alternatively, the finfo functions are great, if your server supports them. In addition to deceze, you may also use finfo to check the MIME-type of non-image-files: Sure you could check if it's an image with exif, but a better way I think is to do it with finfo like this: The best way in my opinion is first to use getimagesize followed by imagecreatefromstring. Checking by getimagesize prevents some DoS attacks, because we don't have to try to imagecreatefromstring from every file provided by the user, either non-image file or file too big.
Unfortunately, according to PHP docs cannot be relied on for checking image type content. The imagecreatefromstring finally tries to open the file as an image - if it succeeds - we have an image. That last line is close. It only checks the name. It is not suitable for actual security purposes. I am leaving this answer here so that no one makes the same mistake as me by trying this.
It appears to have been removed from PHP. Not sure why, but can be worked around with a user function. The correct little correction: exec will return the mime with a newline at the end, the trim should be called with the result of exec, not the other way around. I added these two lines to my magic. I also had issues with this function. You can either copy it to the existing location, or update your php. The default value appears to be "Off". I made it a bit "dumber" for readability purposes, don't judge me, just improve it on your own.
Although inconsistent, this is our best bet in detecting file types reliably. As of PHP 5. If you intend to allow only image uploads, then you can use the inbuilt getimagesize function to ensure that the user is actually uploading a valid image file. This function returns false if the file is not a valid image file. If for some reason you are not able to install Fileinfo, then you can still manually determine the file type by reading the first few bytes of a file and comparing them with known magic bytes associated with the particular file type.
Note that this method has its own problems ie.