Checking File Types

         

JustJon

3:46 pm on May 8, 2006 (gmt 0)

10+ Year Member



I'm working with an existing script to upload files, but want to set it to only allow images (gif, png, jpg). It's easy enough to check the file extension, but that wouldn't stop a malicious user from just taking another file and renaming file.exe to file.jpg.

How can I check the file type from within the application? I know how to do it in PHP, but can't seem to figure it out in Perl.

Thanks.

perl_diver

6:55 pm on May 8, 2006 (gmt 0)

10+ Year Member



Hopefully you are using the CGI module to do this; if not, you should be. Read the CGI.pm documentation, in the "CREATING A FILE UPLOAD FIELD" section:


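use CGI qw(:standard);   # exports param() and uploadInfo()

# The upload field's value is the filename the client sent.
$filename = param('uploaded_file');
# Content-Type header the browser supplied for this upload.
$type = uploadInfo($filename)->{'Content-Type'};
unless ($type eq 'text/html') {
    die "HTML FILES ONLY!";
}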

[perldoc.perl.org...]

This is not foolproof though. Probably the better way is to use one of the MIME modules, like File::MimeInfo, but that requires the freedesktop mime info database be installed, and I am not sure how common it is for hosts to have that database installed.

lexipixel

8:27 pm on May 8, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



After the upload I use a couple subs to get the dimensions of the (GIF or JPG) files from the file header info. This serves two purposes --- I want the width and height for displaying and/or scaling the images, and since I extract the values from the header I am (fairly) sure they are actually the correct file type.

Do not go strictly by filename / file-extension... In early scripts I wrote that accepted uploads, I only checked to see if the file was named correctly (i.e. filename.jpg or filename.gif)... And then displayed it back to the person who uploaded it --- one smart person uploaded a file with a "matching pattern"... but it was a PHP file (i.e. use a name something like "testfile.php dummy.jpg" and the file uploads on some servers, but is saved as "testfile.php").

Needless to say, I quickly shut down the upload capability until I was as sure as I could be that they were uploading the type of file I wanted.
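The header check discussed in this thread, as an added example that is not part of any post above: it reads the first bytes of each upload, accepts only GIF, PNG or JPEG signatures, and stores the file under a server-chosen name so the client's filename never reaches the filesystem. The sub names, the id format and the sample uploads are constructed for illustration.

```perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Leading signature bytes of the three formats the original question allows.
my %SIGNATURE = (
    gif => qr/\AGIF8[79]a/,
    png => qr/\A\x89PNG\x0D\x0A\x1A\x0A/,
    jpg => qr/\A\xFF\xD8\xFF/,
);

# Return 'gif', 'png' or 'jpg' for a file's content, or undef if it is none of them.
sub sniff_image_type {
    my ($path) = @_;
    open my $fh, '<:raw', $path or return;
    my $n = read $fh, my $head, 16;
    close $fh;
    return unless $n;
    for my $type (sort keys %SIGNATURE) {
        return $type if $head =~ $SIGNATURE{$type};
    }
    return;
}

# Name the file is stored under: a server-generated id plus the extension of
# the detected type. The client-supplied name is never used (hypothetical scheme).
sub stored_name {
    my ($id, $type) = @_;
    die "bad id\n" unless $id =~ /\A[0-9a-f]{8,32}\z/;
    return "$id.$type";
}

# Constructed samples: client filename and the first bytes of the upload.
my @uploads = (
    [ 'photo.jpg',              "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00" ],
    [ 'logo.gif',               "GIF89a\x10\x00\x10\x00" ],
    [ 'file.jpg',               "MZ\x90\x00\x03\x00\x00\x00" ],    # renamed .exe
    [ 'testfile.php dummy.jpg', "<?php echo 'hi'; ?>" ],
);

my $i = 0;
for my $u (@uploads) {
    my ($client_name, $content) = @$u;
    my ($out, $tmp) = tempfile(UNLINK => 1);    # stand-in for the CGI temp file
    binmode $out;
    print {$out} $content;
    close $out;
    my $type = sniff_image_type($tmp);
    my $id   = sprintf '%08x', ++$i;            # stand-in for a random id
    printf "%-24s => %s\n", $client_name,
        defined $type ? 'accept as ' . stored_name($id, $type) : 'reject';
}
```

A matching signature only vouches for the first bytes of the file; fully decoding or re-encoding the image, as the Image::Magick approach in this thread does, is the stronger check.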

rocknbil

7:06 pm on May 10, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Generally when you upload images you will want to resize them, correct? Or people will upload raw 2200 pixel images to your site, not good . . .

Use the Image::Magick / perl magick modules; this will allow you to do both **and** check for valid file type, regardless of the extension. This is important for Macintosh users, who seldom use or abuse extensions (my .image.new):

use Image::Magick;

## Format descriptions reported by Image::Magick, mapped to extensions
%formats = ('Tagged Image File Format', 'tif',
            'Joint Photographic Experts Group JFIF format', 'jpg',
            'CompuServe graphics interchange format', 'gif',
            'Microsoft Windows bitmap image', 'bmp');

$pic = Image::Magick->new;
$x = $pic->Read("$root/$imagedir/$prodimages/$img");
## Does not exist or is not an image file format
if ($x) { &error("Could not read image file"); }
$w = $pic->GetAttribute('width');
$h = $pic->GetAttribute('height');
## Format comes from the decoded file, not from the file name
$type = $pic->GetAttribute('format');
if (! $formats{$type}) { &error("Only Tiff, gif, jpg, or bmp images permitted"); }