PHP 5.3.5 fileinfo() MIME type for MS Office 2007 files - magic.mime updates?

When loading PHP, I try to check the MIME type of the downloaded files so that they match the valid set of MIME types for the application. When you try to use fileinfo() to determine the MIME type for an Office 2007 file, it is NOT detected as the corresponding MIME types. Instead, the MIME type response is "application/zip".

Office MIME document types: http://filext.com/faq/office_mime_types.php

PHP code example:

$oFileInfo = new finfo(FILEINFO_MIME_TYPE);
$sMimeType = $oFileInfo->file($_FILES['Filedata']['tmp_name']);
echo $sMimeType;

Server setup information:

  • OS: 32-bit version of Windows Server 2003
  • Web Server: IIS 6.0
  • PHP: 5.3.5 (Thread Safe) using FastCGI 1.5
  • File: magic.mime
    • Example from darko on uvcms dot com 16-Apr-2008 09:35
      • Link: php.net/manual/en/fileinfo.installation.php
    • Size: 517 KB
    • Source: Source Forge: GNU32 - FileType gnuwin32.sourceforge.net/packages/filetype.htm

I found a lot of messages that refer to problems with the new Office format when downloading from a web server. In all these examples, I have not found anything that illustrates adding new MIME types to an existing magic.mime file, or a link to a magic.mime file that already contains Microsoft Office 2007+ MIME types. Thank you for your help.

+4
4 answers

The new Office files are ZIP archives. That is why the MIME Magic database detects them as ZIP files. You may need to add special rules based on the file extension or look in the ZIP file to find out if it has the docProps folder (Office mail archives have such a folder containing metadata about the document).

There are other file formats that are actually ZIP archives with a different extension, for example, JAR files.

+1
  • Yes, you should update magic.mime.

lol, yes, just update it, the problem is resolved. Unfortunately, it seems that magic systems like mime do not look at the actual contents of the file, and since the file is compressed, it cannot unpack (and see which file?)

Someone suggested writing a function to decompress compressed files, and then, for example, check for the presence of the "DocProps" directory. But this would create another attack vector for the production server.

+1

Note: finfo() determines the MIME type of a file using magic bytes; given that Office 2007 files (and many other file formats, such as ePUB) are simply zip packages with a specified directory structure, it is wise to have finfo() return application/zip.

I would suggest unpacking or listing the contents in order to check its structure if you really want to determine the file type based on its contents (and not the MIME type the browser reports upon loading).

0
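
The structural check suggested in the answers above, as an added example that is not part of the original thread: it refines finfo's generic application/zip result by looking up member names in the ZIP central directory, without unpacking anything. The function names, the MAX_ENTRIES cap and the use of conventional main-part names (word/document.xml and so on) are assumptions; the zip extension (ZipArchive) must be enabled.

```php
<?php
// Added example; function and constant names are hypothetical.
define('MAX_ENTRIES', 2000); // assumed cap on archive members, tune per application

// Returns the OOXML MIME type suggested by the ZIP member names, or null.
// Only the central directory is consulted; no member is decompressed.
function ooxmlMimeFromZip($path)
{
    $parts = array( // conventional main part of each package => MIME suffix
        'word/document.xml'    => 'wordprocessingml.document',
        'xl/workbook.xml'      => 'spreadsheetml.sheet',
        'ppt/presentation.xml' => 'presentationml.presentation',
    );
    $zip = new ZipArchive();
    if ($zip->open($path) !== true) {
        return null;                          // not a readable ZIP
    }
    $found = null;
    if ($zip->numFiles <= MAX_ENTRIES && $zip->locateName('[Content_Types].xml') !== false) {
        foreach ($parts as $name => $suffix) {
            if ($zip->locateName($name) !== false) {
                $found = 'application/vnd.openxmlformats-officedocument.' . $suffix;
                break;
            }
        }
    }
    $zip->close();
    return $found;
}

// finfo first; refine only when it reports the generic container type.
function detectUploadMime($path)
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($path);
    $ooxml = ($mime === 'application/zip') ? ooxmlMimeFromZip($path) : null;
    return $ooxml !== null ? $ooxml : $mime;
}

// Constructed sample: a minimal ZIP carrying the member names of a .docx.
$tmp = tempnam(sys_get_temp_dir(), 'ooxml');
$zip = new ZipArchive();
$zip->open($tmp, ZipArchive::CREATE | ZipArchive::OVERWRITE);
$zip->addFromString('[Content_Types].xml', '<Types/>');
$zip->addFromString('word/document.xml', '<document/>');
$zip->close();
var_dump(ooxmlMimeFromZip($tmp));
unlink($tmp);
```

Member names show only what structure the archive claims to have, so the result is suitable for matching against an allow-list of upload types, not as evidence that the content is well-formed. Because nothing is inflated, the check does not add the decompression exposure raised in the earlier answer.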

Have you tried to add new mime types in IIS?

  • Get the Internet Management snap-in
  • Right-click Websites and select Properties
  • Select "HTTP Headers"
  • Select "Mime Types"
  • Enter a new extension without a start period and the corresponding mime type. Repeat as necessary for each extension.
  • Click OK to close all dialogs.
0

Source: https://habr.com/ru/post/1337165/

