stackoom
  简体   繁体   中英

check compatibility between file extensions with mimetype in php

 原文  2018-07-22 11:12:22       php/ arrays/ mime-types/ file-extension/ fileinfo

Question

how to make sure that the file has a specified extension and mimetype, because it could be someone changing the file extension. this can be used to prevent file uploads with the same file extension but different mimetype.

this is my code, but the result is not what I want : 

function mimeInfo($filename) {
    $realpath = realpath( $filename );
    if ( $realpath
        && function_exists( 'finfo_file' )
        && function_exists( 'finfo_open' )
        && defined( 'FILEINFO_MIME_TYPE' )
    ) {
        // Use the Fileinfo PECL extension (PHP 5.3+)
        return finfo_file( finfo_open( FILEINFO_MIME_TYPE ), $realpath );
    }
    if ( function_exists( 'mime_content_type' ) ) {
        // Deprecated in PHP 5.3
        return mime_content_type( $realpath );
    }
    return false;
}

function uploadAllows($pathfile){
$fileAllows = array(
        "rar"=>"application/x-rar",
        "xls"=>array(
            "application/vnd.ms-office",
            "application/x-msexcel",
            "application/x-excel",
            "application/excel",
            "application/vnd.ms-excel",
        )
    );

$mimeInfo = mimeInfo($pathfile);
$file = pathinfo($pathfile);
$ext = $file['extension'];

   if(count($fileAllows[$ext])>1){
            if(in_array($mimeInfo, $fileAllows[$ext])){
                return true;
            }else{
                return false;
            }
        }else{
            if(in_array($mimeInfo, $fileAllows)){
                return true;
            }else{
                return false;
            }
        }
}

expected 1: 

1. extension must *.rar
2. mimetype must "application/x-rar"

expected 2: 

1. extension must *.xls
2. mimetype must one of the spesific array

Thanks.

1 answers

solution1
 1 ACCPTED  2018-07-22 12:03:19

You should be doing it like this 

// MIME types must be array even if there is only 1 of them
$fileAllows = array(
        "rar"=>array("application/x-rar"),
        "xls"=>array(
            "application/vnd.ms-office",
            "application/x-msexcel",
            "application/x-excel",
            "application/excel",
            "application/vnd.ms-excel",
        )
    );

$mimeInfo = mimeInfo($pathfile);
$file = pathinfo($pathfile);
$ext = strtolower($file['extension']); // convert to lowercase

if(is_array($fileAllows[$ext])) return in_array($mimeInfo, $fileAllows[$ext]);
else return false;

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Difference between PHP and PHP5 file extensions What is the difference between php and html file extensions? PHP version compatibility check Detect excel .xlsx file mimetype via PHP PHP Upload multiple images and check their file extensions prior PHP Compatibility Check Inside HTML PHP include file extensions? how to check for certain extensions in php check for required php-extensions check the php version compatibility of a php script
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM