/    Sign up×
Community /Pin to ProfileBookmark

determine image-type WITHOUT reading header information

Copy linkTweet thisAlerts:
Jan 06.2016

Is there a way to determine the file type by directly scanning the file itself, rather than reading it from the header? I know it seems like overkill…but I don’t want someone to be able to edit the mime-type of a file (say changing it from “image/png” to “image/gif”) and then do the same thing with the file extension, without me being able to tell.

I experimented with this by using the ImageMagick method [B]setImageFormat[/B] to change a jpeg to a gif. Then I saved it to the harddrive with [B]writeImage[/B] and retrieved it again using GD. Then I used the [B]imagecreatefromgif[/B] function on it, and it returned true, even though it was still really a jpeg.

Is there any kind of test that will return false if the file contents don’t agree with the mime-type?

to post a comment
PHP

4 Comments(s)

Copy linkTweet thisAlerts:
@NogDogJan 06.2016 — getimagesize() includes the MIME type in the results array, so you could experiment with that, perhaps.
Copy linkTweet thisAlerts:
@boneconeauthorJan 07.2016 — mime-type is part of the header isn't it?

It doesn't seem to matter anyway, now that I've played around with things a bit more.

Basically if you take any image file: gif, png or jpg & you change the file extension to one of the other two, it still displays properly in the browser anyway so the whole thing is a non-issue. I just get really OCD about these things sometimes.
Copy linkTweet thisAlerts:
@rootJan 07.2016 — the file extension is one way but not reliable, if you want to know why then I suggest you read up on security and hacking.

The browser will read the image type from the header...

The only reliable way of determining the type is with the suggested route that NogDog states.
Copy linkTweet thisAlerts:
@NogDogJan 07.2016 — And as alluded to in the other recent thread, you [i]could[/i] force it to a type with imagecopy() or the ImageMagick corollary, if you really, really want to be sure. ?
×

Success!

Help @bonecone spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.17,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...