I'm trying to upload an ics file to my site. It was exported from iCal on Mac OSX. I thought that ics files had a mime type of text/calendar, but for some reason this file seems to be of type Application/octet-stream. This makes the upload fail my verification tests. Anyone have any ideas why the type isn't what I expect?!
+1
A:
The MIME type is determined by the browser, and seemingly, your browser doesn't know the proper MIME type for an ics file. Never mind, just skip the MIME check and do some structural analysis (Is there a valid header, are any calendar records present, etc.)
The MIME type is of very limited use for validation anyway, as it can be freely modified by the client.
Pekka
2010-01-29 18:24:51
dude, you just said it is determined by the browser but that it can be freely modified by the client - which is it?
jckdnk111
2010-01-29 18:43:23
Thanks for that. I'll certainly use a different verification process. However, I'm still a bit confused. If I open the file directly in the browser window it displays the contents correctly.
musoNic80
2010-01-29 18:44:16
@jckdnk: It is determined by the browser (= the client). It can be faked (=freely modified) by an attacker simulating a browser. What's not clear to you?
Pekka
2010-01-29 18:47:13
@musoNic80: Could that be because it uses the file extension to determine the type?
Pekka
2010-01-29 18:47:49
Manual detection of the mime type via regular expressions, etc. is very expensive. There is an older, deprecated function for checking MIME types (mime_content_type) that was replaced by a PECL package that is much faster. This should be used rather than manual checking.
Andrew Sledge
2010-01-29 18:51:29
@Pekka You tell me!!! I think it's probably best that I check the file extension and details in the content, as you suggested earlier. Are there any other checks I could do to make sure the file is safe before I open it to check the contents?
musoNic80
2010-01-29 19:04:50
What kind of file is ics? XML based? If it is, I don't think there is much that can go wrong even if somebody would try to upload a malicious file: The XML just wouldn't be rendered.
Pekka
2010-01-29 20:25:27
@Pekka: I missed that he / she was uploading and therefore was the client / not the server. It was my misunderstanding.
jckdnk111
2010-01-29 21:44:46
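The structural analysis suggested in the first answer (valid header, calendar records present), as an added example that is not part of the original thread. It is written in PHP because the thread refers to PHP's `mime_content_type`; the function name `ics_structure_errors` and the 1 MiB size limit are assumptions, and the checks follow the iCalendar text format of RFC 5545.

```php
<?php
// Added example: structural check of an iCalendar (RFC 5545) upload; $_FILES[...]['type'] is never consulted.
function ics_structure_errors(string $data, int $maxBytes = 1048576): array
{
    if (strlen($data) > $maxBytes) {
        return ['file too large'];
    }
    // Unfold: a line break followed by a space or tab continues the previous line.
    $data   = preg_replace('/\r?\n[ \t]/', '', $data);
    $errors = [];
    $stack  = [];        // names of the BEGIN blocks currently open
    $records = 0;        // VEVENT / VTODO / VJOURNAL / VFREEBUSY blocks seen
    $hasVersion = false;
    foreach (preg_split('/\r?\n/', $data, -1, PREG_SPLIT_NO_EMPTY) as $i => $line) {
        // Content line: NAME, optional ;parameters, a colon, then the value.
        if (!preg_match('/^([A-Za-z0-9-]+)(?:;[^:]*)?:(.*)$/', $line, $m)) {
            $errors[] = 'content line ' . ($i + 1) . ' is not NAME:value';
            continue;
        }
        $name  = strtoupper($m[1]);
        $value = strtoupper(trim($m[2]));
        if ($name === 'BEGIN') {
            if (!$stack && $value !== 'VCALENDAR') {
                $errors[] = 'content line ' . ($i + 1) . ': outermost block must be VCALENDAR';
            }
            $records += in_array($value, ['VEVENT', 'VTODO', 'VJOURNAL', 'VFREEBUSY'], true) ? 1 : 0;
            $stack[] = $value;
        } elseif ($name === 'END') {
            if (array_pop($stack) !== $value) {
                $errors[] = 'content line ' . ($i + 1) . ': END without matching BEGIN';
            }
        } elseif (!$stack) {
            $errors[] = 'content line ' . ($i + 1) . ': property outside VCALENDAR';
        } elseif ($name === 'VERSION' && count($stack) === 1) {
            $hasVersion = $hasVersion || $value === '2.0';
        }
    }
    if ($stack)         { $errors[] = 'unclosed BEGIN block'; }
    if (!$hasVersion)   { $errors[] = 'missing VERSION:2.0'; }
    if ($records === 0) { $errors[] = 'no calendar records'; }
    return $errors;
}
// Constructed sample (not from the original post); the folded SUMMARY exercises unfolding.
$sample = "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nPRODID:-//Example//EN\r\nBEGIN:VEVENT\r\n"
        . "UID:1@example.invalid\r\nSUMMARY:Team\r\n  meeting\r\nEND:VEVENT\r\nEND:VCALENDAR\r\n";
print_r(ics_structure_errors($sample));
print_r(ics_structure_errors("<html>BEGIN:VCALENDAR</html>"));
```

In an upload handler, pass it the contents of the file at `$_FILES[...]['tmp_name']` after `is_uploaded_file()` succeeds, and accept the upload only when the returned array is empty. The error messages carry line numbers rather than file content, so they can be shown to the uploader without echoing attacker-controlled text.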
A:
Try adding a content-type of text/calendar to the header.
If you are just serving it up from Apache you can look for instructions here: http://httpd.apache.org/docs/1.3/mod/mod_mime.html
jckdnk111
2010-01-29 18:45:56