Reputation: 3117
Is there a comparable php function like exif_imagetype for other files
The php exif_imagetype() function seems to be the most reliable way of determining an image type as it actually reads the first byte and then tells you the image type.
For other files, like videos, documents, etc. is there a way of securely doing this? You obviously can't rely on $_FILES['file']['type'], as the mime header type can easily be spoofed.
Upvotes: 2
Views: 903
Answers (1)
Reputation: 14752
Fileinfo with the FILEINFO_MIME flag is your best bet.
But have it in mind that there will be false positives. Unfortunately, there just isn't a realiable way to validate file types ...
Certainly, not for every single filetype there is, and while not technically impossible to have your own validation for at least a few common types, it would be a very intensive process, as you'd have to validate literally every byte within a file.
This isn't limited to PHP, it's just how things are with file handling. I wouldn't entirely trust exif_imagetype() either.
Upvotes: 1
Related Questions
- How To Perform Secure Image Upload Using MIME Instead Of Allowed File Types Which Detects Image Extension Only
- How to check uploaded file type in PHP
- How can I determine a file's true extension/type programmatically?
- Security: How to validate image file uploads?
- How can I check type of uploaded file that's security
- How can I check uploaded files extension?
- PHP file upload - Best security option for file types?
- Check if uploaded file is of a insecure filetype in php
- Best way to get file mime type in php
- Verifying file type of ANY upload