如何在PHP中验证通过URL上传的文件

Question

How to validate files before moving/uploading in the system.

I know how to validate file uploads in general, but I am looking for a solution about validating files that are uploaded by URL.

Here, have a look at my code, which refers to get the file and save it in my system :-

$file_url = 'https://www.something.com/images/Image.png'; // URL of the image/File
$destination_url = '/pictures/pics/image.jpeg';

// I have to assume that it's an image, and adding .jpeg since I don't know how to validate files without uploading it.

$data = file_get_contents($file_url); //gets the content of the file.
file_put_contents($destination_url, $data); //finally moves the file to system

---

And now I can do all the things, like getting it's name,size,type and so on, but that's not the point, Is there any way to validate the file before moving it to the system, since this procedure is really bad in security perspective, considering anyone can upload any size/type of file.

---

And before suggesting any library, please keep in mind I am using laravel framework.

Answer 1

Use cURL to check for the file mime-type. http://php.net/manual/en/function.curl-getinfo.php

Answer 2

You can use get-headers() to obtain information such as content type and filesize before actually downloading the file contents.

To validate if the file is really what it says it is, eg to check that a .pdf file is not actually a .zip file in disguise, now that is a whole different story and I'm afraid there's no universal way to check that.