How do I tell if someone's faking a filetype? (PHP)

后端 未结 9 1828
野性不改
野性不改 2021-02-08 00:31

I\'m programming something that allows users to store documents and pictures on a webserver, to be stored and retrieved later. When users upload files to my server, PHP tells m

9条回答
  •  醉梦人生
    2021-02-08 01:15

    As a side note I ran into a similar problem where I had to do my own type checking. The front end interface to my application was done in flash. The files were being passed through flash to a php script. When I was attempting to do a MIME type check using php the type always returned was application/octetstream because it was coming from flash.

    I had to implement a magic numbers type paradigm. I simply created an xml file that held the file type along with some defining patterns found within the beginning of the file. Once the file reached the server I did some pattern matching with the xml file and then accepted or rejected the file. I didn't noticed any real performance decrease either which I was expecting.

    This is just a side note to anyone who may be using flash as there front end and trying to type check the file once it is uploaded.

提交回复
热议问题