EPTAs one of the developers on a image-hosting site for a class project, I find this annoying. Why would Microsoft do this, and does anyone know what else they've changed?
IE and MIME types
| Blogs > Huanir |
|
Huanir
United States85 Posts
As one of the developers on a image-hosting site for a class project, I find this annoying. Why would Microsoft do this, and does anyone know what else they've changed? | ||
|
love1another
United States1844 Posts
Edit: Check http://msdn.microsoft.com/en-us/library/ms775147(VS.85).aspx | ||
|
538
Hungary3932 Posts
 Seriously though, you must be really quite new to web-development i presume. | ||
|
love1another
United States1844 Posts
| ||
|
R1CH
Netherlands10341 Posts
| ||
|
Aerox
Malaysia1213 Posts
On March 20 2010 04:59 R1CH wrote: How does Internet Explorer "report" a mime type anyway? It's up to the web server to send the appropriate Content-type to the browser. From the love1another's link: The purpose of MIME type detection, or data sniffing, is to determine the MIME type (also known as content type or media type) of downloaded content using information from the following four sources: -The server-supplied MIME type, if available -An examination of the actual contents associated with a downloaded URL -The file name associated with the downloaded content (assumed to be derived from the associated URL) -Registry settings (file extension/MIME type associations or registered applications) in effect during the download As for OP, I guess he just wanted a reason for IE not being standard... from same link: In some cases, the detected MIME type can differ from the generally accepted value for backwards compatibility, as shown in the following table: Standard MIME Type......... FindMimeFromData Returns image/jpeg........ image/pjpeg image/png.........image/x-png Yeah, Netscape and IE were fucking around and trying to set their own standards and stuff back in the older days. edit: Oh, OP asked "what else?". Uh, too much. LOL. Shouldn't be hard to google. I don't know if someone compiled a unified list yet but there should be mini lists like differences with CSS or HTML tags.... etc. | ||
|
R1CH
Netherlands10341 Posts
| ||
|
love1another
United States1844 Posts
On March 20 2010 04:59 R1CH wrote: How does Internet Explorer "report" a mime type anyway? It's up to the web server to send the appropriate Content-type to the browser. But the web server generally doesn't give specifics. Octet stream, for example, is all a non-customized file transfer will say. It's up to the client, often, to determine what to do with the downloaded file. It usually figures this out based on the file extension. On March 20 2010 05:35 R1CH wrote: I'm just wondering in what situation you would ever have it be an issue since a server-provided mime-type is issued in almost every circumstance. I'm guessing this has to do with opening files locally rather than from a web server? I requested a use case, because I had the same question... generally the server and client can decide the MIME type independently, so from the server's perspective, you don't really give a shit if Internet Explorer says the jpeg is a pjpeg. Likewise, if a client uploads a "pjpeg" type, the server generally uses its own algorithm for determining what the file is anyway. And I just realized your icon is MTG.  | ||
|
Huanir
United States85 Posts
On March 20 2010 05:35 R1CH wrote: I'm just wondering in what situation you would ever have it be an issue since a server-provided mime-type is issued in almost every circumstance. I'm guessing this has to do with opening files locally rather than from a web server? Yeah, I want to restrict the types of files a user can upload, probably to jpegs, pngs, and gifs. | ||
|
Huanir
United States85 Posts
On March 20 2010 04:45 love1another wrote: I think OP is referring only to different MIME handling. If you give a use case of where this is causing a problem, I can probably of be more help by suggesting certain workarounds. In the following code, uploading a jpeg in IE would follow the "Invalid file" path. <?php if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg")) && ($_FILES["file"]["size"] < 20000)) { if ($_FILES["file"]["error"] > 0) { echo "Error: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; echo "Type: " . $_FILES["file"]["type"] . "<br />"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "Stored in: " . $_FILES["file"]["tmp_name"]; } } else { echo "Invalid file"; } ?> | ||
|
Huanir
United States85 Posts
XD @ Microsoft | ||
|
love1another
United States1844 Posts
On March 20 2010 05:44 Huanir wrote: Yeah, I want to restrict the types of files a user can upload, probably to jpegs, pngs, and gifs. Try reading this for an explanation of how it's done. http://www.bitrepository.com/how-to-validate-an-image-upload.html Alternatively, check http://www.php.net/manual/en/function.getimagesize.php There should be comparable functions for whatever language you're using. If that stuff is TL;DR, then the key thing is don't trust what the client tells you. Figure the file type out yourself based on what's uploaded. Otherwise, what if I had a malicious client that sent you a malicious php script while telling you "lol, I'm a jpg let me through." I don't know if your configuration will be stupid enough to let this happen in practice, but it's still a bad idea. Edit: And try not to triple post. | ||
|
Huanir
United States85 Posts
On March 20 2010 05:47 love1another wrote: Try reading this for an explanation of how it's done. http://www.bitrepository.com/how-to-validate-an-image-upload.html Alternatively, check http://www.php.net/manual/en/function.getimagesize.php There should be comparable functions for whatever language you're using. If that stuff is TL;DR, then the key thing is don't trust what the client tells you. Figure the file type out yourself based on what's uploaded. Otherwise, what if I had a malicious client that sent you a malicious php script while telling you "lol, I'm a jpg let me through." I don't know if your configuration will be stupid enough to let this happen in practice, but it's still a bad idea. Edit: And try not to triple post. Many thanks; the links were indeed helpful (as was the mentality you suggested). And sorry about the triple-post. I didn't occur to me until after I'd posted them that I should have used Edit. v_v | ||
|
R1CH
Netherlands10341 Posts
See http://shsc.info/FileUploadSecurity for more info about how to do this properly. | ||
|
love1another
United States1844 Posts
| ||
| ||
