Compare File Extension

4

I’m trying to compare the extension of a file, but it is failing. I created a variable with the allowed extensions and I try to compare it with the one being sent.

// List of allowed file types
$tiposPermitidos = array('gif', 'jpeg', 'jpeg', 'png');

$infos = pathinfo($rowData['imagem']);
$arqType = $infos['extension'];

if (in_array($arqType, $tiposPermitidos)) {             
    echo 'O tipo de arquivo enviado é inválido, permitido somente imagens';
}

Running var_dump($infos); I get the following result:

array(4) { ["dirname"]=> string(9) "../banner" ["basename"]=> string(9) "10889.php" ["extension"]=> string(3) "php" ["filename"]=> string(5) "10889" } 
  • Have you checked what’s in $infos? Do a var_dump($infos) and include the result in the question.

  • 2

    The condition is inverted; it’s entering the if with valid types, not invalid ones. Try: if (! in_array($arqType, $tiposPermitidos))

  • Thanks @gmsantos and bfvaretto for the excellent tips.

1 answer

7


The file extension does not always correspond to the file type; it is best to detect the MIME type. For example, this function provides compatibility with older versions of PHP:

function mimeType($file)
{
    $mimetype = false;

    if (class_exists('finfo')) {//PHP5.4+
        $finfo     = finfo_open(FILEINFO_MIME_TYPE);
        $mimetype  = finfo_file($finfo, $file);
        finfo_close($finfo);
    } else if (function_exists('mime_content_type')) {// PHP 5.3 or lower
        $mimetype = mime_content_type($file);
    }

    return $mimetype;
}

Using:

$infos = mimeType($rowData['imagem']);

if (strpos($infos, 'image/') !== 0) {
    echo 'O tipo de arquivo enviado é inválido, permitido somente imagens';
}

The first example will accept any type of image, for example SVG. However, if you want to restrict it, you can create an array:

$permitidos = array(
    'jpeg', 'png', 'gif'
);

$infos = mimeType($rowData['imagem']);

// Turns image/jpeg into jpeg, for example
$infos = str_replace('image/', '', $infos);

// Removes experimental content-types, such as icon/x-icon (I don't know whether the PHP API recognizes experimental content-types, this is just to be safe)
$infos = str_replace('x-', '', $infos);

if (false === in_array($infos, $permitidos)) {
    echo 'O tipo de arquivo enviado é inválido, permitido somente imagens';
}
  • "the best is to detect mimetype" - I’ve seen people saying otherwise, and I’ve seen cases where mime-type comes wrong or useless (application/octet-stream, that could be anything).

  • Thank you for commenting, @bfavaretto. There were problems, which get fixed as PHP bug fixes come out. One example, which occurred up to PHP 5.3, was DOCX being reported as ZIP, but they released fixes and are always releasing more; in this case it was a PHP failure and not the file itself. Now, from my point of view, trusting a file on the machine by its extension, which can be manipulated, is worse than a PHP bug, agree?

  • Excellent explanation about Mimetype, I thank @bfavaretto and Guilherme Nascimento.

  • If you use an old browser with those Flash-based uploaders, it sends a hard-coded mime-type, in which case it is not PHP’s fault. Because mime-type is not a property of the file; it is something sent additionally at upload time.

  • @bfavaretto as far as I know, these PHP functions detect the mimetype from the contents of the file and not from the "Multipart" of the upload structure. Or am I confused? Could you explain it to me? :)

  • I might be confused too. I don’t know, I just know that there are Flash uploaders that always come through as octet-stream.

  • 1

    @bfavaretto I found it: the situation you refer to is when we use $_FILES['upfile']['mime'], so much so that other developers mention this in: http://ca.php.net/manualen/features.file-upload.php#114004 and http://www.uploadify.com/forum/#/Discussion/1126/mime-type-reported-as-applicationoctet-stream/P1

  • 1

    That’s right, @Guilhermenascimento, in fact it’s not getting it via finfo.
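
An added example, not part of the original answer or its comments, combining the two points raised in this thread: the content-sniffed MIME type is matched against an exact allowlist, and the extension the client sent must agree with it. The names ALLOWED_IMAGES and safeImageExtension and the sample file contents are assumptions made for illustration.

```php
<?php
// Added example: exact allowlist on the detected MIME type AND on the extension.
// ALLOWED_IMAGES and safeImageExtension() are hypothetical names.
const ALLOWED_IMAGES = [               // detected MIME type => extensions accepted for it
    'image/jpeg' => ['jpg', 'jpeg'],
    'image/png'  => ['png'],
    'image/gif'  => ['gif'],
];

// Returns the extension to store the file under, or null when the file is rejected.
function safeImageExtension(string $path, string $clientName): ?string
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($path);      // sniffed from the file content, false on failure
    if ($mime === false || !array_key_exists($mime, ALLOWED_IMAGES)) {
        return null;                   // e.g. text/x-php or application/octet-stream
    }
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    // Exact, strict match: no prefix test such as strpos($mime, 'image/')
    if (!in_array($ext, ALLOWED_IMAGES[$mime], true)) {
        return null;                   // content and file name disagree
    }
    return ALLOWED_IMAGES[$mime][0];   // canonical extension chosen by the server
}

// Constructed sample inputs, written to temporary files so the script runs offline.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff;");
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php echo 'hello';\n");

$cases = [
    [$gif, 'banner.gif'],   // image content, image name
    [$gif, '10889.php'],    // image content, script name
    [$php, '10889.php'],    // script content, script name
    [$php, 'banner.gif'],   // script content, image name
];
foreach ($cases as [$path, $name]) {
    printf("%-12s => %s\n", $name, var_export(safeImageExtension($path, $name), true));
}
unlink($gif);
unlink($php);
```

Detection relies on signature bytes rather than a full decode of the image, so the file should be stored under a server-generated name with the returned extension, never the name the client sent.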
