I've been struggling on this for the last few days: what I am trying to do is read the true mime type of a zip archive's contents before actually extracting it. I need to parse the contents with php afterwards, so I want to make sure no fake mime has been put in the zip, and nothing I blacklisted. I can obviously check the extension but I have no guarantee it matches the real mime. Is there any way to do it? I tried getting the stream like:
for($i = 0; $i < $zip->numFiles; $i++) {
$entry = $zip->getNameIndex($i);
$entry_data = $zip->getStream($entry);
}
But I am not able to retrieve the mime type from a file handle. I also tried with
$zip_entry = 'zip://'.$tmp.'#'.$entry;
And use finfo on that, but $tmp is the name of the temporary uploaded resource (that is, the zip), so file_exists always returns false and I can't use file_get_contents. Any chance I can get finfo to work with the contents of an uploaded zip, before extracting it? Or is there any other best practice to prevent bad formats upload? Thanks in advance!
EDIT: Solved! ZipArchive::getFromIndex can actually be passed to finfo buffer
$finfo->buffer($zip->getFromIndex($i))
