Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is application/octet-stream a safe MIME type to accept when accepting CSV files?

I'm building a web form to take a CSV file to then import the contents into a contacts database. However, during development I've noticed when uploading a CSV file the MIME type available to me is application/octet-stream.

A quick web search on Google tells me that application/octet-stream is a generic MIME type for binary files, which could be anything from a .csv to a .exe file, which doesn't seem safe to me as then the only other piece of information I have to determine the file type is the original filename. And this can easily be changed by any one with basic computing knowledge.

How can I ensure that a CSV file uploaded via a web form in PHP is actually a CSV file with the above information?

like image 937
Martin Bean Avatar asked Mar 16 '11 10:03

Martin Bean


People also ask

What is application octet stream MIME type?

The application/octet-stream MIME type is used for unknown binary files. It preserves the file contents, but requires the receiver to determine file type, for example, from the filename extension. The Internet media type for an arbitrary byte stream is application/octet-stream .

Is CSV a MIME type?

Expected MIME type is "text/csv", "application/vnd.

What is MIME type for all files?

Use "application/octet-stream" for the "All files (*)" filter, since that is the base MIME type for all files.


1 Answers

That is correct, application/octet-stream is a generic MIME type.

You could check whether the file has the CSV extension and use the function fgetcsv() to determine whether the content of the file is valid. This function will return NULL or boolean false if there are problems reading the file as CSV.

like image 199
Michiel Pater Avatar answered Oct 09 '22 15:10

Michiel Pater