How to verify the mime type of pdf file in drupal file upload.
Issue: any one can upload script file just by renaming or adding extension of the file (eg: script.php.pdf)
I have implemented the mime type check for image upload (as it is a separate module), but can't figure out where to validate the mime type of pdf files.
Code for Image MIME type check:
$supported_mime = array('image/jpg', 'image/jpeg', 'image/png', 'image/gif');
$elements[$delta]['#upload_validators']['file_validate_mime_type'][0] = implode('::', $supported_mime);
Code for additional validation should be placed in your hook_file_validate() funciton:
https://api.drupal.org/api/drupal/modules%21system%21system.api.php/function/hook_file_validate/7.x
However, it seem very unlikely that just renaming files (hiding real extension) can do the trick and fool Drupal. I mean even if php if php file is uploaded, with .pdf extension it's not going to be executed.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.