even PHP has 'bugs' with IE

This is not a real bug BUT for sure it is not what you would expect. I have this sample code to upload images:

if($type=="image/jpg" || $type=="image/jpeg" || $type=="image/pjpeg" || $type=="image/tiff" || $type=="image/gif" || $type=="image/png") {
   // make upload
else echo "Incorrect format ...."; 

The problem is that if I modify the extension of an image, let's say to .jpgq or even .jpg% and I try to upload it, FF and Chrome will say that the file"s type is "application/octet-stream" and normally the condition will be false.

IE, on the other hand, will say that the file's type is "image/jpeg", the condition will be true and the file will be uploaded. Of course, any browser trying to read the image later will not be able to do so.

It is not a bug because on msdn.microsoft.com it says that: "If the "suggested" (server-provided) MIME type is unknown (not known and not ambiguous), FindMimeFromData immediately returns this MIME type" and "If the server-provided MIME type is either known or ambiguous, the buffer is scanned in an attempt to verify or obtain a MIME type from the actual content."

My questions are:

  1. Why does IE / the server knows the real MIME type on upload BUT it will fail to read it from the server?
  2. How can I work around this issue (if the file doesn't have the right extension, the condition has to be false)? Is it wise to check the extension format (and not the MIME type)?
  3. is any of the above extensions not recomended to use? Should I add others?

Answers


Forget checking the mime type. Use getimagesize() instead.


For performance reasons your webserver doesn't usually inspect the file for it's mimetype, it usually only uses the extension.

Therefore on upload you need to read the mimetype and then save the file with an extension appropriate for the mimetype if you wish the webserver to directly serve the file. The alternative is to use a download wrapper that reads the mimetype from the file and passes it onto the client.

Basic example,

/* verify and sanitize any file extension from mimetype
 */
    switch($subtype) {
    case 'pjpeg':
    case 'jpeg':
        if (!preg_match('/\.jp(e)?g$/i', $real_name)) {
            $real_name .= '.jpg';
        }
        break;

    default:
        if (!preg_match('/\.'.$subtype.'$/i', $real_name)) {
            $real_name .= ".$subtype";
        }
        break;
    }

Need Your Help

JSON multi dimensional array not displaying ('array is not defined')

javascript ajax json

I made some edits to my returned JSON array and now it broke the code. Essentially, all I did was turn it into a multi-dimensional array (2?)

SQL statement workflow

mysql sql

Every month we need to create a statement based off of a CSV file. Here is an example: