Unsafe MIME Type detection in Web->mime($file)

[Jiab77]

First, thanks for your work, I'm just trying to make it even better or safer.

Second, you should never ever do MIME Type detection based only on the file extension, this could be bypassed easily. The safe way to get the correct MIME Type is to read the Magic Bytes of the given file but not just check the extension. You might read this comment for more info: http://php.net/manual/en/function.mime-content-type.php#85879

Third, You should parse the local MIME database or get the one used by the Apache project for example instead of writing a custom one. For example, your actual code won't detect MIME Type for an MP4 file because you have not specified it...

You can get an updated MIME Types database here: https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types and a sample code to use it here: https://php.net/manual/en/function.mime-content-type.php#107798

So mime-content-type or finfo-file for a local file and finfo-buffer for a file from memory, should be better than your actual code

I can create a pull request if you want but I think discussing before would be better.

[bcosca]

I totally agree with you on this point. The mime() method was written at a time when PHP required you to configure its .ini file so it points to the location of the magic.mime file of your OS. Nowadays, it appears like it isn't needed anymore.

Pull requests are welcome.

[Jiab77]

Ok so I understand why you did at that, you had no other choice. I'm glad you took my comment positively as it was intended! :+1: As I've planned to use your project as low level of mine, I'll try to rewrite this method to take care both physical and in memory files. The pull request should coming soon. Thanks again for your time and this great project!