{"id":11039,"date":"2008-02-05T00:45:46","date_gmt":"2008-02-04T21:45:46","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/2008\/02\/05\/mime-type-of-uploaded-files-in-php\/"},"modified":"2008-02-05T00:45:46","modified_gmt":"2008-02-04T21:45:46","slug":"mime-type-of-uploaded-files-in-php","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2008\/02\/05\/mime-type-of-uploaded-files-in-php\/","title":{"rendered":"MIME type of uploaded files in PHP"},"content":{"rendered":"<p>Today I came across something that rather puzzled me at first, seemed irresponsible and such, but was cleared up later, upon reading the manual. When <a href=\"http:\/\/www.php.net\/features.file-upload\" title=\"PHP : Handling file uploads\">uploading files in PHP<\/a>, the <em>$_FILES<\/em> variable stores a bunch of information about each file. One of those stored bits is the MIME type of the file. I was puzzled by how easy it was to trick PHP into setting a wrong MIME type. However, the documentation clearly says:<\/p>\n<blockquote><p>The mime type of the file, if the browser provided this information. An example would be &#8220;image\/gif&#8221;.
This mime type is however not checked on the PHP side and therefore don&#8217;t take its value for granted.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Today I came across something that rather puzzled me at first, seemed irresponsible and such, but was cleared up later, upon reading the manual. When uploading files in PHP, the $_FILES variable stores a bunch of information about each file. One of those stored bits is the MIME type of the file. I was puzzled by how &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2008\/02\/05\/mime-type-of-uploaded-files-in-php\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">MIME type of uploaded files in PHP<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,18],"tags":[1333,38,1330],"keyring_services":[],"class_list":["post-11039","post","type-post","status-publish","format-standard","hentry","category-general","category-programming","tag-mime-types","tag-php","tag-web-development"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":9907,"url":"https:\/\/mamchenkov.net\/wordpress\/2006\/02\/13\/daily-del-icio-us-bookmarks\/","url_meta":{"origin":1
1039,"position":0},"title":"Daily del.icio.us bookmarks","author":"Leonid Mamchenkov","date":"February 13, 2006","format":false,"excerpt":"Shared bookmarks for del.icio.us user tvset on 2006-02-12 Open Web Design -- A whole bunch of templates and webdesign pieces to use for your site. Tagged as: design examples freeware gallery html ideas templates web webdesign O'Reilly Radar > Web Development 2.0 Tagged as: applications business culture development programming software\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":23,"url":"https:\/\/mamchenkov.net\/wordpress\/2002\/03\/04\/new-mutt-packages-quake-iii-and-book-order\/","url_meta":{"origin":11039,"position":1},"title":"New mutt packages, Quake III, and book order","author":"Leonid Mamchenkov","date":"March 4, 2002","format":false,"excerpt":"I have put online new mutt rpms and configs with S\/MIME support and LDAP address book configuration. No NNTP and compressed mailboxes support this time. Outlook appointments converter to ical calendar is available though. 
After long tweaking and changing all possible and impossible settings I actually managed to fix my\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":29060,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/10\/advanced-web-security-topics\/","url_meta":{"origin":11039,"position":2},"title":"Advanced web security topics","author":"Leonid Mamchenkov","date":"December 10, 2018","format":false,"excerpt":"\"Advanced web security topics\" blog post goes over a variety of ways that a web application can get p0wned.\u00a0 Some of these include: Cross-site scripting (XSS)Mime-type attacksA variety of injections - SQL, JavaScript, HTTPURL indexingClick-jacking... and more.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/mime-types.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":14768,"url":"https:\/\/mamchenkov.net\/wordpress\/2011\/04\/18\/command-line-php\/","url_meta":{"origin":11039,"position":3},"title":"Command line PHP","author":"Leonid Mamchenkov","date":"April 18, 2011","format":false,"excerpt":"I've discovered two things about command line PHP today. \u00a0I'll share them here just in case you missed them too. First, the \"-f\" parameter is optional. \u00a0I'm not sure when the change happened, but I'm pretty sure back when I started using it, it was required. 
\u00a0Now, instead of \"php\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2011\/04\/php-interactive-shell.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":27408,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/03\/11\/validating-json-against-schema-in-php\/","url_meta":{"origin":11039,"position":4},"title":"Validating JSON against schema in PHP","author":"Leonid Mamchenkov","date":"March 11, 2017","format":false,"excerpt":"GitHub was rather slow yesterday, which affected the speed of installing composer dependencies (since most of them are hosted on GitHub anyway). \u00a0Staring at a slowly scrolling list of installed dependencies, I noticed something interesting. Of course, I've heard of the seld\/jsonlint before. \u00a0It's a port of zaach\/jsonlint JavaScript tool\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":28653,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/06\/30\/php-jsonq-a-simple-elegant-php-package-to-query-over-any-type-of-json-data\/","url_meta":{"origin":11039,"position":5},"title":"php-jsonq &#8211; a simple, elegant PHP package to query over any type of JSON data","author":"Leonid Mamchenkov","date":"June 30, 2018","format":false,"excerpt":"php-jsonq provides an easy, yet powerful way to build queries for any JSON data (or PHP data structures for that matter, which are a step away).\u00a0 This has a variety of useful applications - data migration, API response filtering, complex configurations manipulation, and so on, and so forth.","rel":"","context":"In 
&quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/11039","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=11039"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/11039\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=11039"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=11039"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=11039"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=11039"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}