0

on my website I want to allow people to upload guitar pro files. Apparently there is no specific MIME type for these (I tested and it gave me 'application/octet-stream'). Is there a way to check and be 100% sure the files are guitar pro files and not something else? Thanks

romainberger
  • 4,563
  • 2
  • 35
  • 51
  • There is surely a specific header on each files that you could check? Check a couple of them with an hex editor. – jValdron Jan 11 '12 at 19:44
  • Read in the header string and test if it matches (regex would be best here). If there is no agreed MIME type, you cannot test against it. (Also those are not reliable for uploads). If you want to serve your downloads with something useful, set the type `audio/x-guitar-pro` or something, not the useless `application/*` – mario Jan 11 '12 at 19:44

2 Answers2

1

Read the first bytes from the uploaded file. For example this is how I used to check uploaded files when I was creating similar functionality.

$f = fopen($_FILES['tmp_name'], "rb");
fseek($f, 1);
$in = fgets($f, 19);
fclose($f);

if ($in == 'FICHIER GUITAR PRO') { ... }

So reading chars from 1st to 19th would give me string 'FICHIER GUITAR PRO'. This approach worked for me for gp4 files. Also I used to check files extensions. However keep in mind that there is no real check you can perform in order to filter malicious uploads since faking this first bytes as well as extension is pretty easy. So there should always be some additional moderation of all uploaded files.

dfsq
  • 191,768
  • 25
  • 236
  • 258
0

You should parse the file and see if the version string is correct:

http://dguitar.sourceforge.net/GP4format.html
Evert
  • 93,428
  • 18
  • 118
  • 189
  • Thanks, I'm pretty new to php, how can I do that? And this is just for the gp4 files, is there the same thing for the other versions? – romainberger Jan 11 '12 at 19:45