file upload / mime type vs exif_imagetype

[eluser]druid100[/eluser]
hi,

i'm migrating to ci ... which is a pleasure to do

currently i'm working on image uploads. one can specify allowed mime types like jpg|gif|png to limit the allowed upload types.

however ... in my currenty solution i do not trust the mime type but i use exif_imagetype() to determine if the uploaded image is valid.

i checked the Upload.php library and noticed that it trusts the mime type to validate the uploaded image.

what are your thoughts about that? do you think such an approach is ok or would you / do you additionally use exif_imagetype() to validate an image upload?

cheers.

[eluser]nmweb[/eluser]
My personal validation class uses http://nl3.php.net/manual/en/ref.fileinfo.php and http://nl3.php.net/manual/en/function.mi...t-type.php to determine mime types. You're right in not trusting mime types.

[eluser]Seppo[/eluser]
Agree... However there is no cross-server solution for this... there's no way to check it in all server configuration, however we should try to use those functions if they are available... also I'd use getimagesize if it has to be a image/* type.