2

I've been struggling on this for the last few days: what I am trying to do is read the true mime type of a zip archive's contents before actually extracting it. I need to parse the contents with php afterwards, so I want to make sure no fake mime has been put in the zip, and nothing I blacklisted. I can obviously check the extension but I have no guarantee it matches the real mime. Is there any way to do it? I tried getting the stream like:

for($i = 0; $i < $zip->numFiles; $i++) {
                $entry = $zip->getNameIndex($i);
                $entry_data = $zip->getStream($entry);
}

But I am not able to retrieve the mime type from a file handle. I also tried with

$zip_entry = 'zip://'.$tmp.'#'.$entry;

And use finfo on that, but $tmp is the name of the temporary uploaded resource (that is, the zip), so file_exists always returns false and I can't use file_get_contents. Any chance I can get finfo to work with the contents of an uploaded zip, before extracting it? Or is there any other best practice to prevent bad formats upload? Thanks in advance!

EDIT: Solved! ZipArchive::getFromIndex can actually be passed to finfo buffer

$finfo->buffer($zip->getFromIndex($i))
NemoPS
  • 409
  • 2
  • 13
  • 1
    I think this has already been asked: http://stackoverflow.com/questions/10363199/getting-mime-type-of-zipped-files – Paul Feb 05 '15 at 10:37
  • I tried with that but as you can see above I can't get it working with an uploaded .tmp file. This is the full path I get: $zip_entry = zip://C:\wamp\tmp\php12E.tmp#file.php'; – NemoPS Feb 05 '15 at 10:38
  • Solved! I read through that 4 times and found this: $zip->getFromIndex($i) Which seems to work with finfo. Thanks! – NemoPS Feb 05 '15 at 10:42
  • Good to hear that! Can you mark it as completed? – Paul Feb 05 '15 at 10:44
  • Uh I can't find the green tick, I must be blind today – NemoPS Feb 05 '15 at 10:48

0 Answers0