0

I am trying to upload files and check if the uploading files are really pdf files, so I resort to the fileinfo functions in php.

The problem is that the code is not validating anything. It will allow all sorts of files to be uploaded including viruses. Currently, I am checking the file extension name but it's not secured and that's why am resorting to fileinfo. Can someone tell me what is wrong with the code? I am running php version 5.3.5

if (function_exists('finfo_open')) {
    $mime = finfo_open(FILEINFO_MIME_TYPE);
    $mime_type = finfo_file($mime, $_FILES['myfile']['tmp_name']);
    if ($mime_type == "application/pdf") {
        echo "file is pdf";
    } else {
        echo "file is not pdf";
        finfo_close($mime);
        exit();
    }
}
Sean Bright
  • 118,630
  • 17
  • 138
  • 146
chinazaike
  • 517
  • 6
  • 19
  • Echo the `$mime_type` value to see what do you get. – José A. Zapata Sep 07 '18 at 21:23
  • If echo $mime_type it will not display or echo anything. – chinazaike Sep 07 '18 at 21:33
  • Do you get an error message at any point? – José A. Zapata Sep 07 '18 at 21:37
  • no error message at all – chinazaike Sep 07 '18 at 21:39
  • 2
    If no message is being displayed when this code is executed, then it would appear that if (function_exists('finfo_open')) is returning false. What happens if you remove that? – gmfm Sep 07 '18 at 21:58
  • if i remove the if(function_exiist(finfo_open), it will display error Fatal error: Call to undefined function finfo_open() in C:\xampp\htdocs\wall\upload_plan.php – chinazaike Sep 07 '18 at 22:24
  • I think you may want to open a new question asking why finfo_open is missing from your php 5.3.5 setup. This should be available after 5.3.0. Possibly check this question: https://stackoverflow.com/questions/26072725/fatal-error-call-to-undefined-function-finfo-open-in-php – gmfm Sep 07 '18 at 22:35
  • Thanks @gmfm. The link saved me. I went to php.ini and uncomment/remove the semicolon before fileinfo.dll ;extension=php_fileinfo.dll remove the semicolon ; (uncomment it) extension=php_fileinfo.dll I then save and restart apche and behold. its working now. Thanks. You can update your answer so that I can select it as correct or should I update the answer myself. between thanks – chinazaike Sep 08 '18 at 05:53

1 Answers1

1

The issue has to do with enabling fileinfo.dll in php.ini files.

I went to php.ini and uncomment/remove the semicolon before ;extension=php_fileinfo.dll

so that it will look like below extension=php_fileinfo.dll

I then save and restart apche and behold, its working now. Thanks

Community
  • 1
  • 1
chinazaike
  • 517
  • 6
  • 19