Welcome Guest, Not a member yet? Register   Sign In
$_FILES['userfile']['type'] Mime type different than the $this->upload->data() mine type?
#1

[eluser]Patche[/eluser]
Hi guys,

When running an upload of a file, it will fail because the mime type is not correct. For example, if I upload a PDF file (even though the file is listed as accepted type), it will fail because it thinks the mime type is

[file_type] => application/octet-stream

But when I check the $_FILES['userfile']['type'] variable, it outputs the correct mime type:

application/pdf

So I'm not sure what is causing this bug. I've checked the file on mime checker sites and they all output application/pdf. Does anyone know what could be causing the difference?
#2

[eluser]Massaki[/eluser]
CodeIgniter uses its own "mime" table, located on 'application/config/mimes.php'
#3

[eluser]Patche[/eluser]
Hi,

Yep I'm aware of that. In fact, I realised that $_FILES['userfile']['type'] is set by the browser so it's not to be trusted.

However, I'm still unsure as to why the file has the application/octet-stream when it's a PDF file (I can open it in Adobe). I resaved the file as PDF and that did come up as application/pdf. Not sure how to get around this error.
#4

[eluser]CroNiX[/eluser]
You can try to update your mimes.php file with the one from CI3 on github. https://github.com/EllisLab/CodeIgniter/.../mimes.php

It has a different definition for pdf than 2.2:
'pdf' => array('application/pdf', 'application/force-download', 'application/x-download', 'binary/octet-stream'),

As far as why it gets binary/octet-stream, it could be whatever program/library is creating the pdf. also some browsers have had issues setting the correct mime type.

You could try to upload from a different browser to see if it changes, and also try using PDFs from a variety of different sources.

#5

[eluser]Patche[/eluser]
Hi,

Thanks for your reply!

Is putting application/octet-stream a security issue though? Wouldn't it allow a user to upload .exe files and the like?
#6

[eluser]CroNiX[/eluser]
application/octet-stream usually just forces a browser to open the Save File dialog. All it means is it's a binary file, which pdf actually is (try viewing it in a text editor).
#7

[eluser]Patche[/eluser]
Hi,

Okay, so just to clarify, it won't lead to people being able to bypass the file-type limit if I added this in?
#8

[eluser]CroNiX[/eluser]
couldn't really tell you, I rarely use the upload class as most of the time I need to allow multiple file uploads which the native ci library doesn't do.

But I got that mime definition straight from the upcoming CI v3 which I linked to.
#9

[eluser]InsiteFX[/eluser]
You should never check the file type on an upload, it will most likely always contain
application/octet-stream and not the true file type which in your case is the pdf.

#10

[eluser]Patche[/eluser]
So how do you check and restrict file types then when using the upload library?




Theme © iAndrew 2016 - Forum software by © MyBB