Determine file Upload type

The full name of the MIME is the "Multipurpose Internet Mail Extensions" Multipurpose Internet Messaging Extension Service, a Multipurpose Internet Mail Extension protocol that was first applied to the e-mail system in 1992, but later applied to browsers. The server tells the browser the type of multimedia data they send, and the notification means the MIME type of the multimedia data to let the browser know which information is MP3 and which are Shockwave files and so on. The server puts the MIME markers in the transferred data to tell the browser which plug-in to use to read the related files.

File	Upload with IE7	Upload with Firefox3.0
Gif	Image/gif	Image/gif
Jpg	Image/pjpeg	Image/jpeg
Zip	Application/x-compressed	Application/octet-stream
Jsp	Text/html	Text/html
Exe	Application/octet-stream	Application/octet-stream

The yellow picture on the top. The red figure shows the different mime differences uploaded by different browsers, and for the time being, there's no way to modify the fake mime.

<form enctype= "Multipart/form-data" action= "URL" method= "POST" > <input type= "hidden" name= "Max_file_"
SIZE "value=" 1000 ">
<input name=" myFile "type=" file ">
<input type=" Submit "value=" Upload file ">
</form>

After this code uploads the file:

Using PHP:

The MIME type of the $_files[' myFile ' [' type '] file requires the browser to provide support for that information, such as "Image/gif".

Use the STRUTS2 restriction type:

<interceptor-ref name= "FileUpload" >
<param name= "Allowedtypes" >application/zip,application/ x-zip-compressed,application/rar,application/octet-stream</param>
<param name= "MaximumSize" > 3145728</param>
</interceptor-ref>

Use of C/java (provided by Renren 文斌):

public static Boolean isimagejpeg (byte[] blob) {if (BLOB!= null && blob.length > 2) {//0x
           FFD8 if (blob[0] = = (byte) 0xFF && blob[1] = = (byte) 0xd8) {return true;
    return false;
           public static Boolean isimagebmp (byte[] blob) {if (BLOB!= null && blob.length > 2) { Bm:windows 3.1x, km, NT, ...//BA:OS/2 Bitmap Array//CI:OS/2 Color Icon//cp:os/
               2 Color pointer//IC:OS/2 ICON//PT:OS/2 pointer if ((blob[0) = = ' B ' &&
              BLOB[1] = = = ' M ') | | (blob[0] = = ' B ' && blob[1] = = ' A '))
           {return true;
    return false;  public static Boolean isimagepng (byte[] blob) {if (BLOB!= null && blob.length > {//
      4E 0D 0A 1 a 0A     if (blob[0] = = (byte) 0x89 && blob[1] = = (byte) 0x50 && blob[2] = = (byte) 0x
              4E && blob[3] = = (byte) 0x47 && blob[4] = = (byte) 0x0D &&
              BLOB[5] = = (byte) 0x0A && blob[6] = = (byte) 0x1A && blob[7] = = (byte) 0x0A)
       return true;
    return false; public static Boolean isimagegif (byte[] blob) {if (BLOB!= null && blob.length > 3) {//Only 3 bytes of GI F.
              This only avoids exceptions if (blob[0] = = ' G ' && blob[1] = = ' I ' && blob[2] = = ' F ')
       return true;
    return false;
 }

--------------------------------------------------------------------------------------------------------------- -----------------

The purpose of this article is to further correct the MIME judgment described earlier and to add code that affects the size of the file uploads in a nginx environment.

Upload Type control:

In my (54chen) work found that in fact, modify the file suffix, the browser will be very stupid to send the wrong MIME type, so the previous judgement is a half error method (except the C code is correct).

Spread a section of PHP on the Internet to read the file to determine the type of file types, there are some bugs, after I (54chen) modify the measurement, it should be this way:

/**
* Read the first few bytes of the file to determine the file type
*
* @return String
/function Checktitle ($filename) {
$file     = fopen ($filename, "RB");
$bin      = Fread ($file, 2);//Read only 2 bytes
fclose ($file);
$strInfo  = @unpack ("C2chars", $bin);
$typeCode = Intval ($strInfo [' chars1 ']. $strInfo [' chars2 ']);
$fileType = ';
Switch ($typeCode)
{case
7790:
$fileType = ' exe ';
break;
Case 7784:
$fileType = ' midi ';
break;
Case 8297:
$fileType = ' rar ';
break;
Case 255216:
$fileType = ' jpg ';
break;
Case 7173:
$fileType = ' gif ';
break;
Case 6677:
$fileType = ' bmp ';
break;
Case 13780:
$fileType = ' png ';
break;
Default:
$fileType = ' unknown '. $typeCode;
}
Fix
if ($strInfo [' chars1 ']== '-1 ' && $strInfo [' chars2 ']== ' -40 ') {return
' jpg ';
}
if ($strInfo [' chars1 ']== ' -119 ' && $strInfo [' chars2 ']== ') {return
' png ';
}
return $fileType;
}

This code can very correctly distinguish the modified file, so as to prevent the modification of the suffix name upload.

Upload Size control:

In the PHP code directly read $_file size, and if it is a particularly large file, and the use of Php+nginx words, it is very likely that more than 2M of documents directly by the Nginx to throw 413 errors.

Solutions:

Modify/etc/nginx/nginx.conf

Locate the server segment for the corresponding domain name: Modify the value of the Client_max_body_size, which is 2M by default.

This is not enough, if you do not modify the value in the php.ini, you will find that uploaded files with the above code to determine the type of time will be problematic.

Modify/etc/php.ini

Find Upload_max_filesize, modify this value, the default is 2M.

A toss, the type and size of the control is basically perfect. Important PS:

For the upload file type judgment, has not been very good method, even if uses the above code, also has the method constructs the false picture (how constructs no longer spreads), some people use getimagesize to judge, is a good method:

if (In_array ($attach [' ext '], array (' jpg ', ' jpeg ', ' gif ', ' png ', ' SWF ', ' BMP ')) && function_exists (' GetImageSize ') && @getimagesize ($target)) {
    @unlink ($target);
    Upload_error (' post_attachment_ext_notallowed ', $attacharray);
   }

Excerpt from DZ code.

Function Reference Http://cn2.php.net/getimagesize

This article from: http://www.54chen.com