MIME类型检测是检测一种文件的最佳方法吗? [英] Is MIME type detection the best way to detect a kind of file?
问题描述
我正在使用PHP上传表单,该表单必须仅允许MP3文件.
I’m working on an upload form in PHP that must allow only MP3 files.
上传完成后,我分析文件以检查它是否真的是MP3.第一步是将MIME类型检测为audio/mpeg.我使用库finfo_file()并可以正常工作,除了在测试过程中某些MP3文件被拒绝是因为它们的MIME类型结果为application/octet-stream.
When the upload is done, I analyze the file to check whether is it really an MP3. The first step is to detect the mime type as audio/mpeg. I use the libraries finfo_file() and works fine except that during the tests some MP3 files are rejected because their MIME type results as application/octet-stream.
我的问题是:
- 我的应用程序肯定会拒绝那些MP3文件吗?他们实际上是在播放音频.
- 此MIME类型为何是MP3,有什么理由吗?
- 检测MIME类型是确定文件类型的最确定方法吗?
推荐答案
在我的大多数需要上载的应用程序中,有时我会决定针对一系列预定义的MIME类型验证浏览器(客户端)传递的MIME. .这种方法通常假定,如果浏览器无法传达正在上传的文件的MIME类型,如果发生了可疑的事情,我可能现在不想打扰它.
In most of my applications where upload is necessary, I sometimes settle for validating the MIME that is passed by the browser (client) against a list of predefined MIME types. This approach makes a general assumption that if something suspicious is going on where the browser is unable to communicate the MIME type of a file being uploaded, I probably don't want to bother processing it at this time.
<?php
$valid_mp3_mimes = array(
'audio/mpeg',
'audio/x-mpeg',
'audio/mp3',
'audio/x-mp3',
'audio/mpeg3',
'audio/x-mpeg3',
'audio/x-mpeg-3',
'audio/mpg',
'audio/x-mpg',
'audio/x-mpegaudio',
'video/mpeg',
'video/x-mpeg',
);
$uploaded_file_mime = $_FILES['upload_field_name']['type'];
if(!in_array($uploaded_file_mime, $valid_mp3_mimes))
{
die('Upload is not a valid MP3 file.');
}
您可能会或可能不会认为这是满足您目的的足够方法. 《 PHP手册》明确指出,如果浏览器提供了此信息,则该信息可用 ,并且未在服务器端检查MIME类型,因此不应将其视为理所当然.
You may or may not feel this is sufficient method for your purposes. The PHP Manual explicitly states that this information is available if the browser provided this information and that the MIME type is NOT checked on the server side and therefore should not be taken for granted.
要考虑的一件事是服务器上的资源可用性,该资源使您可以验证文件的真实MIME类型.
One thing to take into consideration is the availability of resources on the server that allow you to authenticate the true MIME type of a file.
作为PHP开发人员,我们大部分时间都喜欢灵活地创建与平台无关的代码(例如,在运行XAMPP的Windows系统上构建的Web应用程序只需很少的修改即可部署到Linux托管环境中).但是,在验证MIME类型时,我们开始引入依赖于平台的方法,这些方法必须验证这些工具(例如文件"或"finfo_file")的存在.
As PHP developers, we love the flexibility of creating platform independent code for the most part (e.g. our web applications built on a Windows system running XAMPP can be deployed to a Linux hosting environment with very little modification). However, when validating MIME types, we begin introducing platform dependent methods that necessitate verifying the existence of these tools (such as "file" or "finfo_file").
这可能是一个值得研究的实现(取自CodeIgniter GitHub存储库),该实现利用了这些工具,并且与您在PHP范围之内时一样,可以作为一个完整的工作示例:
This might be one implementation worth studying (taken from the CodeIgniter GitHub repository) that utilizes these tools and is about as thorough of a working example as you're going to get within the scope of PHP:
文件MIME类型(如果可能)检测上载文件的(实际)MIME类型. https://github.com/EllisLab/CodeIgniter/blob /develop/system/libraries/Upload.php#L983
来源
PHP手册 POST方法上传- http://www.php.net /manual/en/features.file-upload.post-method.php
PHP Manual POST method uploads - http://www.php.net/manual/en/features.file-upload.post-method.php
网站站长工具包 Mime类型- http://www.webmaster-toolkit.com/mime-types.shtml
Webmaster Toolkit Mime Types - http://www.webmaster-toolkit.com/mime-types.shtml
FILExt .MP3文件- http://filext.com/file-extension/MP3
FILExt .MP3 File - http://filext.com/file-extension/MP3
这篇关于MIME类型检测是检测一种文件的最佳方法吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
