PHP 获取远程文件 MIME 类型

Question

嘿，检查远程文件 mime 类型的最快方法是什么......我正在考虑从第一个字节中读取一些，也许更多......我花了一些时间思考如何使事情正确，但我什么都没想...我必须检查远程文件是否是mp3，但必须是fastcheck ...

Answer 1

PHP curl_getinfo()

<?php
    # the request
    $ch = curl_init('http://www.google.com');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_exec($ch);

    # get the content type
    echo curl_getinfo($ch, CURLINFO_CONTENT_TYPE);

    # output
    // text/html; charset=ISO-8859-1
?>

output

HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Fri, 09 Apr 2010 20:35:12 GMT
Expires: Sun, 09 May 2010 20:35:12 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219

To actually confirm if the file contains actual MP3 data or any other media format, I use getID3() .

Answer 2

Make a HEAD request. See what Content-Type the server claims it is.

This stackoverflow question discusses accessing HTTP headers via PHP.

Answer 3

When checking only the Content-Type of the remote server you're trusting it:

• The remote server could be malicious and serve a wrong Content-Type on purpose
• Content-Type is generated using the file extension, so a malicious user could store a wrong file type with an authorized extension to bypass your security

A safer approach is download the file in a temporary folder and then use mime_content_type to check the MIME-type locally using magic.mime .

This technique only use the magic number , only reading the first bytes (header) of the file, that can be bypassed.

The most secure approach is to use a library that verify that the given file is valid for the required type it should be.