0

Hi all,

I need to figure out how to validate the contents of a file. I know how to do it via mime and extension, but i could still upload, for example, a php file that would satisfy those checks.

Any ideas?

regards

paul

2
Contributors
3
Replies
4
Views
6 Years
Discussion Span
Last Post by diafol
0

I don't understand what you're getting at. You want your users to upload php files?

Are these for you to peruse/check or are they supposed to be run in situ?

Seems a bit dodgy to me.

0

What i want is the actual file contents to be validated. I.e if the file is a pdf, i want to check that it really is a pdf. And not another file type in disguise.

for example, the following works with images and pdf's but not for word files

<?php
$file = 'example.pdf'; // pdf gives pdf, images give correct image, but doc and docx gives zip

$file_info = new finfo(FILEINFO_MIME);
echo $mime_type = $file_info->buffer(file_get_contents($file));
0

Ah, I see. Sorry I thought you were trying to get users to upload a php file. My apologies.
Your server settings should prevent php files from being 'run' unless they have a .php extension. *I think*

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.