finfo_close
Well, i have a great probleam with that, MS Office 2007 extensions (pptx, xlsx, docx) do not have a default Mime type, they have "application/zip" mime type, so, to fix that, i do one little function to verify the extension.
That function allow's you to be safe of fake extensions hack.
<?php
$arrayZips = array("application/zip", "application/x-zip", "application/x-zip-compressed");
$arrayExtensions = array(".pptx", ".docx", ".dotx", ".xlsx");
$file = 'path/to/file.xlsx';
$original_extension = (false === $pos = strrpos($file, '.')) ? '' : substr($file, $pos);
$finfo = new finfo(FILEINFO_MIME);
$type = $finfo->file($file);
if (in_array($type, $arrayZips) && in_array($original_extension, $arrayExtensions))
{
return $original_extension;
}
?>
finfo_file
finfo::file
(PHP >= 5.3.0, PECL fileinfo >= 0.1.0)
finfo_file -- finfo::file — Retourne des informations à propos d'un fichier
Description
Style procédural
string finfo_file
( resource
$finfo
, string $file_name = NULL
[, int $options = FILEINFO_NONE
[, resource $context = NULL
]] )Style orienté objet
string finfo::file
( string
$file_name = NULL
[, int $options = FILEINFO_NONE
[, resource $context = NULL
]] )Cette fonction est utilisée pour récupérer des informations à propos d'un fichier.
Liste de paramètres
-
finfo -
Ressource Fileinfo retournée par finfo_open().
-
file_name -
Nom d'un fichier à être vérifié.
-
options -
Une ou une union de plusieurs constantes Fileinfo.
-
context -
Pour une description de contexts, référez-vous à Fonctions sur les flux.
Valeurs de retour
Retourne une description textuelle du contenu de l'argument
filename ou FALSE si une erreur s'est produite.
Exemples
Exemple #1 Exemple avec finfo_file()
<?php
$finfo = finfo_open(FILEINFO_MIME_TYPE); // Retourne le type mime à la extension mimetype
foreach (glob("*") as $filename) {
echo finfo_file($finfo, $filename) . "\n";
}
finfo_close($finfo);
?>
L'exemple ci-dessus va afficher quelque chose de similaire à :
text/html image/gif application/vnd.ms-excel
add a note
User Contributed Notes
finfo_file - [10 notes]
contato at vfreitas dot com ¶
1 year ago
info at tech dash bits dot net ¶
2 years ago
While figuring out my problem using this new function, i had a brainwave in using the full path of the file instead of the relative path. For example:
<?php
$folder = "somefolder/";
$fileName "aFile.pdf";
$finfo = finfo_open(FILEINFO_MIME_TYPE);
finfo_file($finfo, $folder.$fileName);
?>
This will result in an error where it can't find the file specified.
This however fixxes that problem:
<?php
$folder = "somefolder/";
$fileName "aFile.pdf";
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, dirname(__FILE__)."/".$folder.$fileName);
?>
scott at thebrain dot ca ¶
4 years ago
I thought to use fileinfo to check if a file was gzip or bzip2. However, the mime type of a compressed file is "data" because compression is an encoding rather than a type.
gzip files begin with binary 1f8b.
bzip2 files begin with magic bytes 'B' 'Z' 'h'.
e.g.
<?php
$s = file_get_contents("somefilepath");
if ( bin2hex(substr($s,0,2)) == '1f8b' ) {/* could be a gzip file */}
if( substr($s,0,3) == 'BZh' ){/* could be a bzip2 file */}
?>
I am not an encoding expert. My only testing was using a few of my own encoded files.
Schraalhans Keukenmeester ¶
5 years ago
Tempting as it may seem to use finfo_file() to validate uploaded image files (Check whether a supposed imagefile really contains an image), the results cannot be trusted. It's not that hard to wrap harmful executable code in a file identified as a GIF for instance.
A better & safer option is to check the result of:
if (!$img = @imagecreatefromgif($uploadedfilename)) {
trigger_error('Not a GIF image!',E_USER_WARNING);
// do necessary stuff
}
Zane MegaLab.it ¶
1 year ago
I was getting application/octet-stream or "<= not supported" for all the files.
I found out that in PHP 5.3 the magic file is built-in into PHP and that is what should be used. The magic file found on the system may not always be what libmagic expects, hence the error.
renato at rmc dot inf dot br ¶
10 months ago
Easy way to get a MIME TYPE from a uploaded file.
<?php
$finfo = new finfo(FILEINFO_MIME);
$type = $finfo->file($_FILE['tmp_name']);
$mime = substr($type, 0, strpos($type, ';'));
?>
darko at uvcms dot com ¶
4 years ago
OO (bit improved) version of the same thing
<?php
$file = '<somefile>';
$ftype = 'application/octet-stream';
$finfo = @new finfo(FILEINFO_MIME);
$fres = @$finfo->file($file);
if (is_string($fres) && !empty($fres)) {
$ftype = $fres;
}
?>
WebShowPro ¶
5 years ago
Just an improvement on the sample Ryan Day posted - slightly off topic since this method does not use finfo_file but in some cases this method might be preferable.
The main change is the -format %m parameters given to the identify call. I would suggest using the full system path to identify i.e. /usr/bin/identify to be a little safer (the location may change from server to server though).
<?php
function is_jpg($fullpathtoimage){
if(file_exists($fullpathtoimage)){
exec("/usr/bin/identify -format %m $fullpathtoimage",$out);
//using system() echos STDOUT automatically
if(!empty($out)){
//identify returns an empty result to php
//if the file is not an image
if($out == 'JPEG'){
return true;
}
}
}
return false;
}
?>
darko at uvcms dot com ¶
5 years ago
Another interresting feature of finfo_file on Windows.
This function can return empty string instead of FALSE for some file types (ppt for example). Therefore to be sure do a triple check of output result and provide default type just in case. Here is a sample code:
$ftype = 'application/octet-stream';
$finfo = @finfo_open(FILEINFO_MIME);
if ($finfo !== FALSE) {
$fres = @finfo_file($finfo, $file);
if ( ($fres !== FALSE)
&& is_string($fres)
&& (strlen($fres)>0)) {
$ftype = $fres;
}
@finfo_close($finfo);
}
Ryan Day ¶
5 years ago
to check images on unix based systems its much better to use the identify command provided by image magic as it provides accurate results about all files
<?php
function is_jpg($fullpathtoimage){
if(file_exists($fullpathtoimage)){
exec("identify $fullpathtoimage",$out);
//using system() echos STDOUT automatically
if(!empty($out)){
//identify returns an empty result to php
//if the file is not an image
$info = $out[0];
$info = explode(' ',$out[0]);
//^IF THE FILENAME CONTAINS SPACES
//^THIS WILL NOT WORK...be creative
$type = $info[1];
if($type == 'JPEG'){
return true;
}
}
}
return false;
}
?>
identify can process all types of images that are web friendly
sample output:
./image/someimage.jpg JPEG 150x112 150x112+0+0 DirectClass 8-bit 4.54688kb
if you dont want to control the image name or want to support spaces use: escapeshellarg()
http://us2.php.net/manual/en/function.escapeshellarg.php
function links:
exec() -- http://us2.php.net/manual/en/function.exec.php
explode() -- http://us2.php.net/manual/en/function.explode.php