Menu
On a PHP upload, I'm trying to validate the MIME Type of the files being uploaded to match a valid set of MIME types for the application. When attempting to use the fileinfo() to determine the MIME type of an Office 2007 file it is NOT detecting as their appropriate MIME Types. Instead the MIME type response is "application/zip"
Office Document MIME types: http://filext.com/faq/office_mime_types.php
Example PHP Code:
$oFileInfo = new finfo( FILEINFO_MIME_TYPE );
$sMimeType = $oFileInfo -> file( $_FILES['Filedata']['tmp_name'] );
echo $sMimeType;
Server Setup Info:
I've found numerous posts which refer to issues with the newer Office format when downloading from a webserver. In all these examples I haven't found anywhere that illustrates a manor of adding the new MIME types to an existing magic.mime file, or a link to a magic.mime file that already contains the Microsoft Office 2007+ MIME types. Thanks for your assistance.
613
Newer Office files are actually ZIP archives. That's why MIME Magic database is detecting them as ZIP files. You may need to add special rules based on file extension, or look into the ZIP file to see if it has a docProps folder (Office ZIP archives have such a folder containing meta data about the document).
There are other file formats which are actually ZIP archives with a different extension, e.g. JAR files.
75
- Yes, you should update magic.mime.
lol, yeah, just update it, problem solved. Unfortunately, it looks like the magic mime type systems works off of looking at the actual file contents, and because the file is compressed, it can't uncompress (and look at which file?)
someone suggested writing a function to unzip compressed files and then checking for the existence of a "DocProps" directory, for instance. But this would introduce another vector of attack to the production server.
42
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
