PHP get remote file mime-type
Question
嘿,检查远程文件 mime 类型的最快方法是什么......我正在考虑从第一个字节中读取一些,也许更多......我花了一些时间思考如何使事情正确,但我什么都没想...我必须检查远程文件是否是mp3,但必须是fastcheck ...
3 answers
solution1
16 2012-09-29 22:07:56
PHP curl_getinfo()
<?php
# the request
$ch = curl_init('http://www.google.com');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_exec($ch);
# get the content type
echo curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
# output
// text/html; charset=ISO-8859-1
?>
output
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Fri, 09 Apr 2010 20:35:12 GMT
Expires: Sun, 09 May 2010 20:35:12 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
To actually confirm if the file contains actual MP3 data or any other media format, I use getID3() .
solution2
6 2012-09-29 22:04:00
Make a HEAD request. See what Content-Type the server claims it is.
This stackoverflow question discusses accessing HTTP headers via PHP.
solution3
1 2019-11-02 00:40:30
When checking only the Content-Type of the remote server you're trusting it:
- The remote server could be malicious and serve a wrong Content-Type on purpose
- Content-Type is generated using the file extension, so a malicious user could store a wrong file type with an authorized extension to bypass your security
A safer approach is download the file in a temporary folder and then use mime_content_type to check the MIME-type locally using magic.mime .
This technique only use the magic number , only reading the first bytes (header) of the file, that can be bypassed.
The most secure approach is to use a library that verify that the given file is valid for the required type it should be.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.