So apparently, Internet Explorer reports .jpg files as image/pjpeg instead of image/jpeg like everyone else does. Even the IETF RFCs use image/jpeg in their examples!

As one of the developers on a image-hosting site for a class project, I find this annoying. Why would Microsoft do this, and does anyone know what else they've changed?

love1another

United States1844 Posts

March 19 2010 19:41 GMT

That's really strange. I'll see if I can find anything about this.

Edit: Check http://msdn.microsoft.com/en-us/library/ms775147(VS.85).aspx

538

Hungary3932 Posts

March 19 2010 19:43 GMT

lol, are you looking for a comprehensive list of things in which IE does not follow the general practice or the industry standards? Good luck with that

Seriously though, you must be really quite new to web-development i presume.

love1another

United States1844 Posts

March 19 2010 19:45 GMT

I think OP is referring only to different MIME handling. If you give a use case of where this is causing a problem, I can probably of be more help by suggesting certain workarounds.

R1CH

Netherlands10340 Posts

March 19 2010 19:59 GMT

How does Internet Explorer "report" a mime type anyway? It's up to the web server to send the appropriate Content-type to the browser.

Aerox

Malaysia1213 Posts

March 19 2010 20:26 GMT

On March 20 2010 04:59 R1CH wrote:
How does Internet Explorer "report" a mime type anyway? It's up to the web server to send the appropriate Content-type to the browser.

From the love1another's link:

The purpose of MIME type detection, or data sniffing, is to determine the MIME type (also known as content type or media type) of downloaded content using information from the following four sources:

-The server-supplied MIME type, if available
-An examination of the actual contents associated with a downloaded URL
-The file name associated with the downloaded content (assumed to be derived from the associated URL)
-Registry settings (file extension/MIME type associations or registered applications) in effect during the download

As for OP, I guess he just wanted a reason for IE not being standard... from same link:

In some cases, the detected MIME type can differ from the generally accepted value for backwards compatibility, as shown in the following table:

Standard MIME Type......... FindMimeFromData Returns
image/jpeg........ image/pjpeg
image/png.........image/x-png

Yeah, Netscape and IE were fucking around and trying to set their own standards and stuff back in the older days.

edit: Oh, OP asked "what else?". Uh, too much. LOL. Shouldn't be hard to google. I don't know if someone compiled a unified list yet but there should be mini lists like differences with CSS or HTML tags.... etc.

R1CH

Netherlands10340 Posts

March 19 2010 20:35 GMT

I'm just wondering in what situation you would ever have it be an issue since a server-provided mime-type is issued in almost every circumstance. I'm guessing this has to do with opening files locally rather than from a web server?

love1another

United States1844 Posts

March 19 2010 20:39 GMT

On March 20 2010 04:59 R1CH wrote:
How does Internet Explorer "report" a mime type anyway? It's up to the web server to send the appropriate Content-type to the browser.

But the web server generally doesn't give specifics. Octet stream, for example, is all a non-customized file transfer will say. It's up to the client, often, to determine what to do with the downloaded file. It usually figures this out based on the file extension.

On March 20 2010 05:35 R1CH wrote:
I'm just wondering in what situation you would ever have it be an issue since a server-provided mime-type is issued in almost every circumstance. I'm guessing this has to do with opening files locally rather than from a web server?

I requested a use case, because I had the same question... generally the server and client can decide the MIME type independently, so from the server's perspective, you don't really give a shit if Internet Explorer says the jpeg is a pjpeg. Likewise, if a client uploads a "pjpeg" type, the server generally uses its own algorithm for determining what the file is anyway. And I just realized your icon is MTG.

Huanir

United States85 Posts

March 19 2010 20:44 GMT

Yeah, I want to restrict the types of files a user can upload, probably to jpegs, pngs, and gifs.

Huanir

United States85 Posts

March 19 2010 20:45 GMT

#10

On March 20 2010 04:45 love1another wrote:
I think OP is referring only to different MIME handling. If you give a use case of where this is causing a problem, I can probably of be more help by suggesting certain workarounds.

In the following code, uploading a jpeg in IE would follow the "Invalid file" path.

<?php
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg"))
&& ($_FILES["file"]["size"] < 20000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
}
else
{
echo "Invalid file";
}
?>

Huanir

United States85 Posts

March 19 2010 20:46 GMT

#11

And I know that checking for "image/pjpeg" would easily solve the issue, but I think this is an ugly workaround, considering that it's supposed to be standard.

XD @ Microsoft

love1another

United States1844 Posts

March 19 2010 20:47 GMT

#12

On March 20 2010 05:44 Huanir wrote:

Show nested quote +

Yeah, I want to restrict the types of files a user can upload, probably to jpegs, pngs, and gifs.

Try reading this for an explanation of how it's done. http://www.bitrepository.com/how-to-validate-an-image-upload.html

Alternatively, check http://www.php.net/manual/en/function.getimagesize.php

There should be comparable functions for whatever language you're using.

If that stuff is TL;DR, then the key thing is don't trust what the client tells you. Figure the file type out yourself based on what's uploaded. Otherwise, what if I had a malicious client that sent you a malicious php script while telling you "lol, I'm a jpg let me through." I don't know if your configuration will be stupid enough to let this happen in practice, but it's still a bad idea.

Edit: And try not to triple post.

Huanir

United States85 Posts

March 19 2010 20:57 GMT

#13

On March 20 2010 05:47 love1another wrote:

Show nested quote +

Many thanks; the links were indeed helpful (as was the mentality you suggested). And sorry about the triple-post. I didn't occur to me until after I'd posted them that I should have used Edit. v_v

R1CH

Netherlands10340 Posts

March 19 2010 21:06 GMT

#14

Oh, you should never trust the mime-type that the browser provides for file uploads. I could easily upload a .exe and claim it was an image/png if that's all you checked.

See http://shsc.info/FileUploadSecurity for more info about how to do this properly.