+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21)
+--- Thread: file upload / mime type vs exif_imagetype (/showthread.php?tid=6802)
file upload / mime type vs exif_imagetype - El Forum - 03-12-2008
[eluser]druid100[/eluser]
hi,
i'm migrating to ci ... which is a pleasure to do
currently i'm working on image uploads. one can specify allowed mime types like jpg|gif|png to limit the allowed upload types.
however ... in my currenty solution i do not trust the mime type but i use exif_imagetype() to determine if the uploaded image is valid.
i checked the Upload.php library and noticed that it trusts the mime type to validate the uploaded image.
what are your thoughts about that? do you think such an approach is ok or would you / do you additionally use exif_imagetype() to validate an image upload?
cheers.
file upload / mime type vs exif_imagetype - El Forum - 03-12-2008
[eluser]nmweb[/eluser]
My personal validation class uses http://nl3.php.net/manual/en/ref.fileinfo.php and http://nl3.php.net/manual/en/function.mime-content-type.php to determine mime types. You're right in not trusting mime types.
file upload / mime type vs exif_imagetype - El Forum - 03-12-2008
[eluser]Seppo[/eluser]
Agree... However there is no cross-server solution for this... there's no way to check it in all server configuration, however we should try to use those functions if they are available... also I'd use getimagesize if it has to be a image/* type.