Destination file mime type parameter added in process()

verot / class.upload.php

This PHP class uploads files and manipulates images very easily. It is in fact as much as an image processing class than it is an upload class. Compatible with PHP 4, 5, 7 and 8. Supports processing of local files, uploaded files, files sent through XMLHttpRequest.

http://www.verot.net/php_class_upload.htm

GNU General Public License v2.0

853 stars 359 forks source link

Destination file mime type parameter added in process() #160

Closed halillusion closed 2 years ago

halillusion commented 2 years ago

It has also been ensured that measures can be taken with extensions for forbidden files. #132

verot commented 2 years ago

For the forbidden extensions, see #132 . I did implement the concept in a different way than in your commit b9198ef, but the result is the same.

As for your commit 7802a41, I am not sure it is a good idea. I think it is best done outside of the class, after the upload. Indeed, the class is able to determine the source file MIME type with quite a lot of code to try to be accurate. But here, for the destination file, your code doesn't really check the real MIME type, but infers it from the extension, which is not reliable enough.

halillusion commented 2 years ago

The name of the source file; may change after the upload process is complete. The same possibility exists for extensions. I needed this when I wanted to get the last name and extension after an install. I think it might work.

verot commented 2 years ago

I understand, but it is not reliable enough, and people wouldn't be able to trust this MIME type

halillusion commented 2 years ago

Okay, no problem. This library, which can initially determine the MIME type, may detect it incorrectly after some operations it performs. Like you said, it's a possibility; and not reliable enough. Thanks.