Re: FN-FORUM: file size /type best practice

date posted 29th January 2007 12:36

[EMAIL REMOVED] wrote:
> parsing the filename for the correct extension is a good idea as a
> basic check, but you really need to make sure that whats being
> uploaded really is an image and not a script with a image file
> extension. Mime-type checks are one way but they can be spoofed.
> I'd use something like exif_imagetype() which is a bit better at
> making sure an image is indeed an image.

any suggestions for how to check a PDF is in fact a PDF other than using
$_FILES['file']['type']

especially as some extensions (can't find which one it was/is) for
Firefox turn the PDF mime type into 'application/x-force-download'

Which I could add to my acceptable type array, but what else gets that
type? anyone know?

TIA