application/force-download

Question

I'm creating a script to only upload zip files and I have the following validation allready:

if($itemtype != "application/x-zip-compressed"
   && $itemtype != "application/zip" && $itemtype != "application/octet-stream") {
  throw new exception("Your file should be a zip file!");
}

but I have a file with file type application/force-download but when I look in the mime types I can't find it, should I still add it in the validation (see code above)? the file I try to upload should be a normal zip file ... well that's what I thought

Answer 1

Fix your code in your example and make your question more clear.

That said, it's unclear whether you're trying to validate an uploaded file or a downloaded file.

I'm going to take a wild guess and say that you might be trying to serve a file that's already uploaded. Mimetypes are a pretty bad way of validating that, but your problem might actually lie with your webhost. In similar situations in the past, I've seen shared hosting providers inserting all kinds of headers without my permission, resulting in problems similar to what you might be experiencing, were your question more precise. Unfortunately, the solution in that particular case was to re-write the entire serving process for the download in php, which had a whole bunch of problems of its own.

Answer 2

You need to check file extension, not the content type. Especially, because different browsers can send different content types.

Answer 3

I don't have an answer. I will say that I'm seeing this on one of my machines. The content-type is missing from the _FILES structure. On the wire, the content-type was application/force-download. On another machine with the same level of PHP, the content-type is listed in the _FILES structure. I am curious if this is an intentional behavior and there is some setting that is differs between the servers.