Re: Checking file type when uploading

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



There is a fileinfo module for php (and it's packaged in 5.3)

http://www.php.net/manual/en/intro.fileinfo.phphttp://www.php.net/manual/en/intro.fileinfo.php

However after trying to use "file" in a system call back in the day its great with graphics and some other stuff, but a large number of the video files came out with just a generic binary type. The site needed both pictures and videos to be validated; I had to relax the restriction because most of the video content couldn't be identified.

I would say transcode it (if its videos) so its normalized and consistent with the rest of the site, and ffmpeg etc. will let you know if its not a valid type your server can support. YMMV with fileinfo or system("file") which I believe should give you the same results. Depends on what content you are handling!

On Sep 18, 2010, at 2:32 AM, Ashley Sheridan <ash@xxxxxxxxxxxxxxxxxxxx> wrote:

> On Sat, 2010-09-18 at 11:21 +0200, Peter Lind wrote:
> 
>> On 17 September 2010 23:25, Jim Lucas <lists@xxxxxxxxx> wrote:
>>> Catherine Madsen wrote:
>>>> Hi!
>>>> 
>>>> I have created a form following the PHP manual to upload files and need
>>>> to restrict the upload to only PDF.  How do I check the file type
>>>> ($_FILES['userfile']['type']?) and where: on the form page or on the
>>>> validation page?  I want to be able to tell the users that their file
>>>> doesn't have the right format.  Thank you very much for your help!
>>>> 
>> 
>> You need to use something like http://www.fpdf.org/ to try and
>> actually open the uploaded file - anyone can fake an extension.
>> 
>> Regards
>> Peter
>> 
>> -- 
>> <hype>
>> WWW: http://plphp.dk / http://plind.dk
>> LinkedIn: http://www.linkedin.com/in/plind
>> BeWelcome/Couchsurfing: Fake51
>> Twitter: http://twitter.com/kafe15
>> </hype>
>> 
> 
> 
> An exec() call to the 'file' command (assuming you're on a Linux server)
> should give you back the correct file type as well. I just tested mine
> with file-5.03 on a mis-named file and it correctly detected it. That's
> not to say a carefully crafted file couldn't trick it, but it might be
> good as a general checker where it would be a lot of hassle trying to
> check every single file type by opening it up.
> 
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux