• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
$_FILES['userfile']['type'] Mime type different than the $this->upload->data() mine type?

Hi guys,

When running an upload of a file, it will fail because the mime type is not correct. For example, if I upload a PDF file (even though the file is listed as accepted type), it will fail because it thinks the mime type is

[file_type] => application/octet-stream

But when I check the $_FILES['userfile']['type'] variable, it outputs the correct mime type:


So I'm not sure what is causing this bug. I've checked the file on mime checker sites and they all output application/pdf. Does anyone know what could be causing the difference?

CodeIgniter uses its own "mime" table, located on 'application/config/mimes.php'


Yep I'm aware of that. In fact, I realised that $_FILES['userfile']['type'] is set by the browser so it's not to be trusted.

However, I'm still unsure as to why the file has the application/octet-stream when it's a PDF file (I can open it in Adobe). I resaved the file as PDF and that did come up as application/pdf. Not sure how to get around this error.

You can try to update your mimes.php file with the one from CI3 on github. https://github.com/EllisLab/CodeIgniter/.../mimes.php

It has a different definition for pdf than 2.2:
'pdf' => array('application/pdf', 'application/force-download', 'application/x-download', 'binary/octet-stream'),

As far as why it gets binary/octet-stream, it could be whatever program/library is creating the pdf. also some browsers have had issues setting the correct mime type.

You could try to upload from a different browser to see if it changes, and also try using PDFs from a variety of different sources.


Thanks for your reply!

Is putting application/octet-stream a security issue though? Wouldn't it allow a user to upload .exe files and the like?

application/octet-stream usually just forces a browser to open the Save File dialog. All it means is it's a binary file, which pdf actually is (try viewing it in a text editor).


Okay, so just to clarify, it won't lead to people being able to bypass the file-type limit if I added this in?

couldn't really tell you, I rarely use the upload class as most of the time I need to allow multiple file uploads which the native ci library doesn't do.

But I got that mime definition straight from the upcoming CI v3 which I linked to.

You should never check the file type on an upload, it will most likely always contain
application/octet-stream and not the true file type which in your case is the pdf.

So how do you check and restrict file types then when using the upload library?

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.