Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

file.type seems doesn't work for several files #68

Open
trinitrotoluene76 opened this issue Aug 31, 2017 · 8 comments
Open

file.type seems doesn't work for several files #68

trinitrotoluene76 opened this issue Aug 31, 2017 · 8 comments

Comments

@trinitrotoluene76
Copy link

trinitrotoluene76 commented Aug 31, 2017
edited
Loading

Hi,
i'm testing filedrop and I have notice that file type function doesn't work for several files:

  • new file.txt (empty)
  • *.md, *.markdown, *.mkdown...
  • *.7z, *.bz2, *.rar

the php function mime_content_type() retrieves those files.
@ProgerXP
Copy link
Owner

What do you mean exactly? I don't understand you.

@trinitrotoluene76
Copy link
Author

in basic.html, if i try alert('file type is: '+file.type); in files.each(function (file) {...} the alert box contains "file type is: " when i upload the README.md for example, instead "file type is: text/markdown".
For most of file extensions it's ok, but not for these quoted.

@ProgerXP
Copy link
Owner

The type comes from the browser which in turn detects it based on file extension. It's usually bad practice to rely on this property since it's not portable and depends on browser version.

@trinitrotoluene76
Copy link
Author

I tested with Chrome 60.0.3112.101 (Build officiel) (64 bits).
What is the best pratice to detect mime type before opload?

@ProgerXP
Copy link
Owner

type depends on file extension so it's trivial to fake. You have two options:

  1. Validate file data before upload by reading a few first bytes and comparing them with well-known signatures for file types you need (e.g. JPEG). Google for them, they're available.
  2. Validate it after upload using any of the plenty PHP functions.

@trinitrotoluene76
Copy link
Author

Thanks for reply.
I knew that it's trivial to fake, but I thought put a first verification on the client side to avoid bad file by mistake and a second verification on the server side with your method for example.

@ProgerXP
Copy link
Owner

Yes, that could be used but type is unreliable anyway because one browser might report one file type as something, another browser will report the same type as something else, or even two different versions of the same browser may work differently.

If you intend to validate common formats like images then you can definitely rely on type. If you want it for things like md or 7z then it's a bad idea and you better implement a simple signature check as I have described above (should not be hard with FileDrop).

@trinitrotoluene76
Copy link
Author

ok, cristal clear now, thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ProgerXP @trinitrotoluene76