Reputation: 769
Verify MIME type in PDF file upload in DRUPAL
How to verify the mime type of pdf file in drupal file upload.
Issue: any one can upload script file just by renaming or adding extension of the file (eg: script.php.pdf)
I have implemented the mime type check for image upload (as it is a separate module), but can't figure out where to validate the mime type of pdf files.
Code for Image MIME type check:
$supported_mime = array('image/jpg', 'image/jpeg', 'image/png', 'image/gif');
$elements[$delta]['#upload_validators']['file_validate_mime_type'][0] = implode('::', $supported_mime);
Upvotes: 1
Views: 774
Answers (1)
Reputation: 7124
Code for additional validation should be placed in your hook_file_validate() funciton:
https://api.drupal.org/api/drupal/modules%21system%21system.api.php/function/hook_file_validate/7.x
However, it seem very unlikely that just renaming files (hiding real extension) can do the trick and fool Drupal. I mean even if php if php file is uploaded, with .pdf extension it's not going to be executed.
Upvotes: 0
Related Questions
- File Mime Type Checking
- How to detect .docx correct MIME other than application/octet-stream
- How to check file types of uploaded files in PHP?
- How to validate mime type ( is PDF for instance ) of both a file and a variable string?
- Detecting the MIME type with a php upload script is not working
- How to check whether the upload file is PDF in PHP
- Mime Type PDF php upload
- how to verify mime type provided by $_FILES['userfile']['type']
- Check mime type of file on upload with PHP. mime_content_type, fileINfo, linux file NOT available
- Verifying mime type of pdf files on upload in PHP