
I am creating an upload screen which allows the user to upload images in RAW format. There are multiple RAW formats and I have a predefined list of them.

define ('ALLOWED_FILE_TYPE', array(
    "image/jpeg", 
    "image/jpg", 
    "image/tif", 
    "image/png", 
    "image/bmp", 
    "image/x-canon-cr2",
    "image/x-canon-crw", 
    "image/x-kodak-dcr",  
    "image/x-nikon-nef", 
    "image/x-olympus-orf", 
    "image/x-sony-arw",
    "image/x-adobe-dng",
    "image/x-epson-erf",
    "image/x-kodak-k25",
    "image/x-kodak-kdc",
    "image/x-minolta-mrw",
    "image/x-pentax-pef",
    "image/x-fuji-raf",
    "image/x-panasonic-raw",
    "image/x-sony-sr2",
    "image/x-sony-srf",
    "image/x-sigma-x3f"
    ));

(I found this list on Stack Overflow. I have not had a chance to check its authenticity.)

My script is a standard upload form with a call to a method to check the upload file type. Unfortunately, with RAW files, the file type that comes back is 'application/octet-stream':

array (
  'name' => 'DSCF0450.RAF',
  'type' => 'application/octet-stream',
  'tmp_name' => '/private/var/tmp/phpVFT8BJ',
  'error' => 0,
  'size' => 50560000,
)

Clearly, the RAW file is not being recognised as an image.

Can anyone tell me why?

Do I have to change the upload form enctype to something other than enctype="multipart/form-data"?

Can anyone tell me how to get the raw file recognised as an image?

N.B:

Processing the image is not an issue. I am trying to validate the upload.

I have tried using finfo and finfo_file to get a file type (it also returns 'application/octet-stream').

I know I could get the file extension and check against that. I would rather not rely on something that can be easily altered, unless I absolutely have to.

Thanks in advance.

Phfog

1 Answer


> Can anyone tell me why?

The content-type of an uploaded file is provided by the client. It is being reported as application/octet-stream (i.e. some bytes of data in no recognized format) because the browser/OS that is uploading it doesn't recognize the file type.

> Do I have to change the upload form enctype to something other than enctype="multipart/form-data"?

No. The content-type reported for the file is specified for the part of the upload (which consists of multiple parts of form data).

> Can anyone tell me how to get the raw file recognised as an image?

Short of making changes to every browser that accesses your website (which isn't practical except under very unusual circumstances), you can't. At least not at this point.

> I am trying to validate the upload.

Validating that a file is an image by trusting the content-type header sent by the client isn't safe anyway.

> I have tried using finfo and finfo_file to get a file type (it also returns 'application/octet-stream').

Likely for the same reason that the client couldn't identify it. RAW files are distinctly non-standard.

> Processing the image is not an issue.

Then the tools you use to process it are likely the best way to determine if it is the type of data you want.

Quentin
  • Thanks @Quentin, good to know. You've given me an idea. I am going to check the file extension at submit (to check no one is uploading non-image files accidentally) AND on the server side, I will check the file is actually an image (in case anyone is bananas enough to rename a .doc file .png!) Hopefully, that will be enough validation. – Phfog Jun 10 '20 at 09:29
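
A cheap server-side pre-check for the validation discussed above, as an added example that is not part of the original question or answer: it ignores the client-supplied type and compares the file's leading bytes with the container its extension claims. The signature table, function names and sample bytes are assumptions of this example; a signature match only shows the header looks right, so decoding with the processing tool remains the real test.

```php
<?php
// Added example, not from the original post. The signature table is an
// assumption of this example: well-known leading bytes of a few RAW containers.
const SIGNATURES = [
    'raf'  => ["FUJIFILMCCD-RAW"],          // Fujifilm RAF
    'orf'  => ["IIRO", "IIRS", "MMOR"],     // Olympus ORF
    'mrw'  => ["\x00MRM"],                  // Minolta MRW
    'x3f'  => ["FOVb"],                     // Sigma X3F
    'tiff' => ["II\x2A\x00", "MM\x00\x2A"], // TIFF-based RAW (CR2, NEF, ARW, DNG, PEF)
];
// Which container each accepted extension must turn out to be.
const EXT_FAMILY = [
    'raf' => 'raf', 'orf' => 'orf', 'mrw' => 'mrw', 'x3f' => 'x3f',
    'cr2' => 'tiff', 'nef' => 'tiff', 'arw' => 'tiff', 'dng' => 'tiff', 'pef' => 'tiff',
];

/** Return the container family found in the file's first bytes, or null. */
function sniffFamily(string $path): ?string
{
    $head = (string) @file_get_contents($path, false, null, 0, 16);
    foreach (SIGNATURES as $family => $magics) {
        foreach ($magics as $magic) {
            if (strncmp($head, $magic, strlen($magic)) === 0) {
                return $family;
            }
        }
    }
    return null;
}

/** Accept only if the extension is allowed AND the content matches it. */
function isAcceptableRaw(string $tmpPath, string $clientName): bool
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    $expected = EXT_FAMILY[$ext] ?? null;
    return $expected !== null && sniffFamily($tmpPath) === $expected;
}

// Constructed sample inputs: a RAF-like header and a renamed Word document.
$raf = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($raf, "FUJIFILMCCD-RAW 0201" . str_repeat("\x00", 64));
$doc = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($doc, "\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1" . str_repeat("\x00", 64));

var_dump(isAcceptableRaw($raf, 'DSCF0450.RAF')); // RAF header, matching extension
var_dump(isAcceptableRaw($doc, 'DSCF0450.RAF')); // .doc renamed to .RAF
var_dump(isAcceptableRaw($raf, 'DSCF0450.NEF')); // content does not match extension
unlink($raf);
unlink($doc);
```

In an upload handler the two arguments would be `$_FILES[...]['tmp_name']` and `$_FILES[...]['name']`, with the `'type'` field left unused.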