This is not a real bug BUT for sure it is not what you would expect. I have this sample code to upload images:
if($type=="image/jpg" || $type=="image/jpeg" || $type=="image/pjpeg" || $type=="image/tiff" || $type=="image/gif" || $type=="image/png") {
// make upload
else echo "Incorrect format ....";
The problem is that if I modify the extension of an image, let's say to .jpgq or even .jpg% and I try to upload it, FF and Chrome will say that the file"s type is "application/octet-stream" and normally the condition will be false.
IE, on the other hand, will say that the file's type is "image/jpeg", the condition will be true and the file will be uploaded. Of course, any browser trying to read the image later will not be able to do so.
It is not a bug because on msdn.microsoft.com it says that: "If the "suggested" (server-provided) MIME type is unknown (not known and not ambiguous), FindMimeFromData immediately returns this MIME type" and "If the server-provided MIME type is either known or ambiguous, the buffer is scanned in an attempt to verify or obtain a MIME type from the actual content."
My questions are:
- Why does IE / the server knows the real MIME type on upload BUT it will fail to read it from the server?
- How can I work around this issue (if the file doesn't have the right extension, the condition has to be false)? Is it wise to check the extension format (and not the MIME type)?
- is any of the above extensions not recomended to use? Should I add others?
