检查文件扩展名与 php 中的 mimetype 之间的兼容性

check compatibility between file extensions with mimetype in php

如何确保文件具有指定的扩展名和 mimetype,因为可能有人更改了文件扩展名。这可用于防止上传具有相同文件扩展名但不同 mimetype 的文件。


function mimeInfo($filename) {
    $realpath = realpath( $filename );
    if ( $realpath
        && function_exists( 'finfo_file' )
        && function_exists( 'finfo_open' )
        && defined( 'FILEINFO_MIME_TYPE' )
    ) {
        // Use the Fileinfo PECL extension (PHP 5.3+)
        return finfo_file( finfo_open( FILEINFO_MIME_TYPE ), $realpath );
    if ( function_exists( 'mime_content_type' ) ) {
        // Deprecated in PHP 5.3
        return mime_content_type( $realpath );
    return false;

function uploadAllows($pathfile){
$fileAllows = array(

$mimeInfo = mimeInfo($pathfile);
$file = pathinfo($pathfile);
$ext = $file['extension'];

            if(in_array($mimeInfo, $fileAllows[$ext])){
                return true;
                return false;
            if(in_array($mimeInfo, $fileAllows)){
                return true;
                return false;

预期 1:

1. extension must *.rar
2. mimetype must "application/x-rar"

预计 2:

1. extension must *.xls
2. mimetype must one of the spesific array



// MIME types must be array even if there is only 1 of them
$fileAllows = array(

$mimeInfo = mimeInfo($pathfile);
$file = pathinfo($pathfile);
$ext = strtolower($file['extension']); // convert to lowercase

if(is_array($fileAllows[$ext])) return in_array($mimeInfo, $fileAllows[$ext]);
else return false;