Is there any built-in function in PHP to validate an audio file except comparing MIME types, which can easily be invalid, because who says user uploads it only using a web-browser, anyone can make custom uploader sending let's say MIME type as audio/mpeg even though it's an EXE.
Or do I really have to compare magic numbers of each file?
Let's say I would accept only mp3,ogg,wav,mka,wma,mp4 (m4a) to be uploaded.
分享 You can use the FileInfo extension. The mime types here are not provided by the client; they are figured out by the FileInfo extension. The mime types are figured out by looking at the contents of the file (often the first few bytes of the file, but some file formats need a little more analysis).
So, if a file is recognized as an audio file then it cannot be an executable. It may be an executable with an audio file signature, but audio players will not execute it; they will just read the file and treat it as audio data (and most likely give you an error saying that the file is corrupted).
I am not sure to what extent the extension looks at the file, but I a pretty sure it does as little as it can get away with. In other words, it most likely does not go through the entire file, checking that it is 100% valid. In order to do that to all the file formats you are allowing, you would need more heavy-duty programs, and probably at least a dedicated server. Unless you absolutely need to be 100% sure of a file's validity, doing a cursory check, like here, should be enough.
$file = '/path/to/file.mp3';
$info = new finfo(FILEINFO_MIME);
$type = $info->buffer(file_get_contents($file));
switch ($type) {
case 'audio/mpeg':
echo 'MP3!';
break;
case 'audio/ogg':
echo 'OGG!';
break;
case 'audio/wav':
echo 'WAV!';
break;
case 'audio/x-matroska':
echo 'MKA!';
break;
case 'audio/mp4':
echo 'MP4!';
break;
default:
die('Format not supported!');
break;
}
