I have weird problem, that when I try to upload different files, some of them are recognized correctly, but some are not and are set as application/octet-stream
when you check their type $_FILES['file_1']['type']
Debug Objects: png
Debug Objects: image/png
Debug Objects: php
Debug Objects: application/octet-stream
Debug Objects: rar
Debug Objects: application/octet-stream
Debug Objects: psd
Debug Objects: application/octet-stream
I contacted my hosting company, they told me its not an error on their side and that it might be related to CloudFlare, but I never had such problem before.
I know that RAR has application/octet-stream
as one of possible mime types, but not PHP or PSD.
Those are types for PSD:
application/x-photoshop
image/vnd.adobe.photoshop
And those are for PHP:
application/x-httpd-php
application/php
application/x-php
text/php
text/x-php
application/x-httpd-php-source
Does somebody have idea why its doing this? I tried it in IE, FireFox, Chrome and Opera. Happens in all of those browsers.
Is there better way of checking for types? As the ones I am checking are sent by browser, which can be spoofed (I am also checking for extensions for more security). I know there is way to do it with java, but I would like to use PHP and do it server side.
Thanks.
3
Answers
[‘type’] is not trustable. An ok solution is http://php.net/manual/en/book.fileinfo.php
You have to check the mime type on server side with finfo_file or finfo_buffer.
Improving on @take answer, i use
file_get_contents()
as well