问题
I'm creating a script to only upload zip files and I have the following validation allready:
if($itemtype != "application/x-zip-compressed"
&& $itemtype != "application/zip" && $itemtype != "application/octet-stream") {
throw new exception("Your file should be a zip file!");
}
but I have a file with file type application/force-download but when I look in the mime types I can't find it, should I still add it in the validation (see code above)? the file I try to upload should be a normal zip file ... well that's what I thought
回答1:
Fix your code in your example and make your question more clear.
That said, it's unclear whether you're trying to validate an uploaded file or a downloaded file.
I'm going to take a wild guess and say that you might be trying to serve a file that's already uploaded. Mimetypes are a pretty bad way of validating that, but your problem might actually lie with your webhost. In similar situations in the past, I've seen shared hosting providers inserting all kinds of headers without my permission, resulting in problems similar to what you might be experiencing, were your question more precise. Unfortunately, the solution in that particular case was to re-write the entire serving process for the download in php, which had a whole bunch of problems of its own.
回答2:
You need to check file extension, not the content type. Especially, because different browsers can send different content types.
来源:https://stackoverflow.com/questions/1548573/application-force-download