ProgerXP
file.type seems doesn't work for several files
Hi, i'm testing filedrop and I have notice that file type function doesn't work for several files:
- new file.txt (empty)
- *.md, *.markdown, *.mkdown...
- *.7z, *.bz2, *.rar
the php function mime_content_type() retrieves those files.
in basic.html, if i try alert('file type is: '+file.type); in files.each(function (file) {...} the alert box contains "file type is: " when i upload the README.md for example, instead "file type is: text/markdown".
For most of file extensions it's ok, but not for these quoted.
The type comes from the browser which in turn detects it based on file extension. It's usually bad practice to rely on this property since it's not portable and depends on browser version.
I tested with Chrome 60.0.3112.101 (Build officiel) (64 bits). What is the best pratice to detect mime type before opload?
type depends on file extension so it's trivial to fake. You have two options:
- Validate file data before upload by reading a few first bytes and comparing them with well-known signatures for file types you need (e.g. JPEG). Google for them, they're available.
- Validate it after upload using any of the plenty PHP functions.
Thanks for reply. I knew that it's trivial to fake, but I thought put a first verification on the client side to avoid bad file by mistake and a second verification on the server side with your method for example.
Yes, that could be used but type is unreliable anyway because one browser might report one file type as something, another browser will report the same type as something else, or even two different versions of the same browser may work differently.
If you intend to validate common formats like images then you can definitely rely on type. If you want it for things like md or 7z then it's a bad idea and you better implement a simple signature check as I have described above (should not be hard with FileDrop).