tags:

views:

204

answers:

2
+3  Q: 

Why is there a mime type inconsistency with firefox, chrome?

I was puzzled at first why my files weren't uploading for some users and I found out it was everyone who wasn't using chrome which was the browser I was testing.

Basically I'm doing a file check to make sure they are only able to upload mp3s.

This this was working for chrome, but not firefox.

if ($_FILES['uploaded']['type']=="audio/mp3")

This was working for firefox, but not chrome.

$_FILES['uploaded']['type']=="audio/mpeg"

Could anyone explain why this is happening? I would think both browsers would be able to understand either or... Are there any other browsers I might need to worry about touchy mime types like these?

Edit: If what Pekka suggested is true, what would be the best way to check for a certain mime type?

+5  A: 

According to w3schools, audio/mpeg is the correct type. But it doesn't matter, MIME types can vary, you absolutely can't rely on them when checking files. Inconsistencies are the rule, and to be expected.

To identify a MP3 file, maybe the getid3 package can help you:

getID3() is a PHP script that extracts useful information from MP3s & other multimedia file formats.

Edit: IANA has an official list of MIME types here. There is no mention of mp3 there, so this is buggy behaviour on Chrome's part.

Edit 2: Your best bet on server side to determine the MIME type of a file is the finfo extension. It tries to determine the type of a file by "content sniffing", looking for specific characteristics of certain file types in the first few bytes of the data. In this process, MIME types can also vary, but at least they are consistent on the same server, so you won't have browser issues any more.

Pekka  2010-02-06 22:27:09
Like Pekka pointed out the fileinfo extension is the only sane way to test the mime type. I'd just like to point out that you can't really trust the files array type at all. It comes from the client and is trivial to modify. It isn't fool proof, but way better than what the browser sends.
Eric Butera  2010-02-06 23:14:13
+3  A: 

Each browser may implement the W3c standards slightly differently, much to the chagrin of all developers (#rant)...

Relying on meta information generated by a user/browser is highly unreliable and not recommended. If this is your only security/sanity mechanism then someone wishing to cause harm to your system could manually enter the meta type field with a custom request to == "audio/mpeg" then upload any kind of executable file. If you really want to be sure you must fully examine the data on the server side once it has been uploaded before accepting it into your permanent storage / production system. Or on a less sinister note.. a user with a different browser you have not tested before could want to upload a legit mp3 file but it may not announce its mime type as audio/mpeg or audio/mp3 and then you would deny them access to the system...

Harley Green  2010-02-06 22:31:14

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases