9 Responses

  1. Mihai
    Mihai at | | Reply

    IE tickles your brains :) that’s cool

  2. Ionut G. Stan
    Ionut G. Stan at | | Reply

    Why aren’t you checking for extension instead of MIME type?

  3. Ionut G. Stan
    Ionut G. Stan at | | Reply

    Well, apparently not. I’ve made some quick tests with a PNG file of which I changed the extension to BMP. Firefox 3.5, Opera 10 and Chrome 3, all return the mime type as being image/bmp. Surprisingly, the browser you despise the most, Internet Explorer 6, reports a image/x-png mime type. Yeah, image/x-png, another mime type for you :P, but at least it’s PNG.

    Anyway, my main point was that I could upload a PY file with an image mime type, by using cURL or whatever and you won’t even know. But, then again, this is a Python application, so uploading PY files probably don’t matter, but in PHP applications, and I’m sure you know that, an uploaded PHP file means great trouble.

    I’m wondering if Python has any library that guesses a file’s mime type by reading the actual bytes. PHP has such a library called fileinfo. That would be almost proper validation.

  4. Petr Felzmann
    Petr Felzmann at | | Reply

    Firefox look at the registry and send the content type based on file extension settings.

    BTW we have opposite problem that IE is not able to render pjpeg but FF is able :-S

  5. Petr Felzmann
    Petr Felzmann at | | Reply

    All versions, namely IE8, IE7 and IE6 as well.

Leave a Reply

Advertisment ad adsense adlogger