The MIME processing problem of PHP

Source: Internet
Author: User
According to personal experience, in PHP processing file upload, often can use the following ways to determine the type of file

  1. By file name suffix, unsafe, very easy to cheat
  2. By mime, some types of files can be spoofed by modifying the file suffix name or by spoofing the server
  3. By the head byte to determine the file type, but the scope of the judgment is limited, such as DOCX/XLSX and other new documents, through the header information, is actually a zip package.

Excuse me, is there any other way to get the file type more reasonably and safely?

Reply content:

According to personal experience, in PHP processing file upload, often can use the following ways to determine the type of file

  1. By file name suffix, unsafe, very easy to cheat
  2. By mime, some types of files can be spoofed by modifying the file suffix name or by spoofing the server
  3. By the head byte to determine the file type, but the scope of the judgment is limited, such as DOCX/XLSX and other new documents, through the header information, is actually a zip package.

Excuse me, is there any other way to get the file type more reasonably and safely?

I think the need of the main question is how to ensure the security of file upload.
First, you should make certain hard rules about file types and sizes. In addition, the individual believes that the mime type of judgment has been relatively safe, if the main or not trust, you can read the file header to determine the real type.
Method can refer to this case:

PHP to read the file header two bytes to determine the true type of file and its application example

See the question in the main question of the content, I think as the main point of the three methods, the security series enhanced in turn, if the level of three points, I think the security should be guaranteed.

First judge the head, if the picture on the GD, if the document is used OpenOffice
The fake is going to turn you into a real one.

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.