tags:

views:

151

answers:

2
Q: 

What is the best way to determine the mime type of an http file upload?

Assume you have an html form with an input tag of type 'file'. When the file is posted to the server it will be stored locally, along with relevant metadata.

I can think of three ways to determine the mime type:

  • Use the mime type supplied in the 'multipart/form-data' payload.
  • Use the file name supplied in the 'multipart/form-data' payload and look up the mime type based on the file extension.
  • scan the raw file data and use a mime type guessing library.

None of these solutions are perfect.

Which is the most accurate solution?
Is there another, better option?

+1  A: 

If you are using PHP then you can use

http://pecl.php.net/package/Fileinfo

Which will inspect many aspects of the file. For Python you can use

http://pypi.python.org/pypi/python-magic/0.1

Which is the bindings for libmagic on Linux/Unix and possibly Windows? systems. See:

man magic
man libmagic

On Linux. It uses magic number tests to try and assert mime-types of files.

I like the magic number method, because it can catch wrong extensions and alot of trickery if you are handling files on a webserver that are uploaded. These tests are generally one-offs so the performance hit of reading through the file is negligible.

Aiden Bell  2009-05-20 22:10:17
+1  A: 

I don't think you can rely on any one of these as being the definite "I am mime type x". The problem with the first two are that the content type supplied may be incorrect, because of issues with the client (browser or otherwise) or a misleading request (various hack attempts etc...) from various clients.

So you should probably try and combine information from each type and work out some sort of confidence level. Iif the file extension says .doc and the mime type is application/msword then there's a pretty good chance it's a word document, but run it through a mime type detection utility just to make sure.

There should be a solution available for mime magic detection with the language you're using - you didn't mention which one though. They all generally work by looking at the first few bytes/characters of the file and match them against a lookup table of mime types. Some also remove the BOM from the file to help with this. Often they fall back to plain text if the mime type can't be detected.

If you want a platform independent approach to this then take a look at the various Java libraries that exist:

Jon  2009-05-20 22:36:29

related questions

Web framework programming mindset
ASP.NET - asp:xxx Controls versus standard HTML
From Desktop to Web browser considerations
Which PHP Framework will get me to a usable UI the fastest?
Best practice for integrating TDD with web application development?
How to Manage Web Development?
When is a file just a file?
Recommendations for browser add-on tools to help with development
REALLY Simple Website--How Basic Can You Go?
Convince Firefox to send an If-Modified-Since header over HTTPS
What do the getUTC* methods on the date object do?
Planning and Building a mobile enabled site for your main site.
Firebug for IE
Javascript and PHP - Login Script with hidden buttons
Firebug won't display console feeds for some of my sites
Displaying ad content from Respose.WriteFile()/ Response.ContentType
How can I detect if a browser is blocking an popup?
How to Test Web Code?
What PHP framework would you choose for a new application and why?
How do you disable browser Autocomplete on web form field / input tag?
What is Progressive Enhancement?
In HTML, how to word-break on a dash?
The Definitive Guide To Website Authentication
How do you test layout design across multiple browsers/OSs?
How much of the Web build process do you/should you automate?