Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Can I trust the file type from $_FILES?

Tags:

security

php

upload

Can I trust the file type from $_FILES when uploading images? Or do I have to check again with exif_imagetype() ?

like image 428
HappyDeveloper Avatar asked Sep 05 '11 13:09

HappyDeveloper

1 Answers

From the documentation:

The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted.

like image 90
Sebastian Wramba Avatar answered Oct 06 '22 00:10

Sebastian Wramba
Sign in to Comment

Related questions

Use of "getTypeInstance()" of a Product in Magento
Dynamically Create Instance Method in PHP
how to print cells of a table with simple html dom
How insecure is a salted SHA1 compared to a salted SHA512
array_slice in multidimensional array?
Is there a workaround for using LIMIT in a subquery in MySQL?
Change single variable value in querystring [closed]
How can I make PHP's fgetcsv() to recognize the Classic Mac (CR) new line character?
Magento. Destination folder is not writable or does not exists
what is the difference between virtual server and alias in apache for php?
str_getcsv example
Can't delete php set cookie
Timezone with symfony 2
Run PHP function inside Bash (and keep the return in a bash variable)
sorting array based on inner-array key-value [duplicate]
Check if a variable is a natural number
save an attribute value without saving its parent entity in Magento
How to emulate __destruct() in a static class?
Is this an optimization?
How do you restart Apache with a (web) button click?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!