©
This document uses PHP Chinese website manual Release
此扩展没有在 php.ini 中定义配置指令。
[#1] thomandre at gmail dot com [2013-05-30 14:41:16]
In the PHP 5.3.13 CLI version, it might use the "MAGIC" environnement variable to get the magic database file. Due to the fact that this version doesn't use the standard format, this file may be wrong. You can see it via a simple script :
<?php
var_dump($_SERVER['MAGIC']);
?>
Unset this variable and it will work again. You can use unsetenv (C-Shell) or unset (Bourne Shell).
This does not affect the Apache version. Other CLI versions might be affected.
I lost a lot of time on this undocumented issue.
[#2] sam nospam at archives.org.au [2010-03-23 22:03:10]
In addition to
extension=fileinfo.so
I also had to add
mime_magic.magicfile=/usr/share/file/magic
to my php configuration. Then, I instantiate Finfo thus:
<?php
$mimeMagicFile = get_cfg_var('mime_magic.magicfile');
$finfo = new finfo(FILEINFO_MIME, $mimeMagicFile);
?>
(This is despite the rumours I hear about the default being exactly what I set it to anyway.)
[#3] wade at waddles dot org [2008-08-12 08:18:51]
On Ubuntu Feisty, you need to add the line
extension=fileinfo.so
to your /etc/php5}
if( substr($s,0,3) == 'BZh' ){}
?>
I am not an encoding expert. My only testing was using a few of my own encoded files.
[#8] darko at uvcms dot com [2008-08-01 08:28:15]
OO (bit improved) version of the same thing
<?php
$file = '<somefile>';
$ftype = 'application/octet-stream';
$finfo = @new finfo(FILEINFO_MIME);
$fres = @$finfo->file($file);
if (is_string($fres) && !empty($fres)) {
$ftype = $fres;
}
?>
[#9] darko at uvcms dot com [2008-04-24 09:53:46]
Another interresting feature of finfo_file on Windows.
This function can return empty string instead of FALSE for some file types (ppt for example). Therefore to be sure do a triple check of output result and provide default type just in case. Here is a sample code:
$ftype = 'application/octet-stream';
$finfo = @finfo_open(FILEINFO_MIME);
if ($finfo !== FALSE) {
$fres = @finfo_file($finfo, $file);
if ( ($fres !== FALSE)
&& is_string($fres)
&& (strlen($fres)>0)) {
$ftype = $fres;
}
@finfo_close($finfo);
}
[#10] WebShowPro [2007-09-25 14:01:49]
Just an improvement on the sample Ryan Day posted - slightly off topic since this method does not use finfo_file but in some cases this method might be preferable.
The main change is the -format %m parameters given to the identify call. I would suggest using the full system path to identify i.e. /usr/bin/identify to be a little safer (the location may change from server to server though).
<?php
function is_jpg($fullpathtoimage){
if(file_exists($fullpathtoimage)){
exec("/usr/bin/identify -format %m $fullpathtoimage",$out);
//using system() echos STDOUT automatically
if(!empty($out)){
//identify returns an empty result to php
//if the file is not an image
if($out == 'JPEG'){
return true;
}
}
}
return false;
}
?>
[#11] Schraalhans Keukenmeester [2007-05-21 15:20:48]
Tempting as it may seem to use finfo_file() to validate uploaded image files (Check whether a supposed imagefile really contains an image), the results cannot be trusted. It's not that hard to wrap harmful executable code in a file identified as a GIF for instance.
A better & safer option is to check the result of:
if (!$img = @imagecreatefromgif($uploadedfilename)) {
trigger_error('Not a GIF image!',E_USER_WARNING);
// do necessary stuff
}