• Mihai

    IE tickles your brains 🙂 that’s cool

  • IE is the most retarded technology yet…

  • Why aren’t you checking for extension instead of MIME type?

  • Because that’s the proper way to do it. If an user uploads a BMP file that ends with .jpg, it’s still a BMP file and should not be treated as a JPEG 😛

  • Well, apparently not. I’ve made some quick tests with a PNG file of which I changed the extension to BMP. Firefox 3.5, Opera 10 and Chrome 3, all return the mime type as being image/bmp. Surprisingly, the browser you despise the most, Internet Explorer 6, reports a image/x-png mime type. Yeah, image/x-png, another mime type for you :P, but at least it’s PNG.

    Anyway, my main point was that I could upload a PY file with an image mime type, by using cURL or whatever and you won’t even know. But, then again, this is a Python application, so uploading PY files probably don’t matter, but in PHP applications, and I’m sure you know that, an uploaded PHP file means great trouble.

    I’m wondering if Python has any library that guesses a file’s mime type by reading the actual bytes. PHP has such a library called fileinfo. That would be almost proper validation.

  • Yes, you’re right! I’ve double checked that. It is quite lame for a browser to pass a MIME based only the file’s extension. But IE still sucks for inventing a non standard MIME type 🙂

  • Petr Felzmann

    Firefox look at the registry and send the content type based on file extension settings.

    BTW we have opposite problem that IE is not able to render pjpeg but FF is able :-S

  • Which IE?

  • Petr Felzmann

    All versions, namely IE8, IE7 and IE6 as well.

Advertisment ad adsense adlogger