Some file types have signatures (Magic bytes aka File Signature), we can use them to identify the type of a file regardless of the file extension.
This is an important issue to handle with care, because there are a range of exploits that can be written like this and be uploaded to the server through improper checking of the file.
[ ] Common Mime Types
[ ] is_mime(...): check if a file is of an specific mime type
[ ] mime_type_of(...): see the mime type of the specified file
[ ] is_truthful: see if the name of the file, the signature of the file is okay, and whether or not includes non-standard data that it's not supposed to.
the-moisrex
commented
1 year ago
Some file types have signatures (Magic bytes aka File Signature), we can use them to identify the type of a file regardless of the file extension.
This is an important issue to handle with care, because there are a range of exploits that can be written like this and be uploaded to the server through improper checking of the file.