Solved

MIME Types

Posted on 1997-09-02
3
238 Views
Last Modified: 2013-12-03
When I use the INPUT TYPE=file tage I want to use also the ACCEPT element and restrict the browser to accept only one type of fiel (for example: image/gif) But even though I restricted the browser to image/tiff, he accepted everything. Is there a solution?
0
Comment
Question by:goweb
3 Comments
 
LVL 1

Expert Comment

by:dirge
ID: 1838877
Please give an example of your HTML form code so we have a better idea of what went wrong...
0
 

Author Comment

by:goweb
ID: 1838878
here is an example of my html tags:

<FORM ENCTYPE="multipart/form-data" ACTION="/web_office/upload.pl" METHOD="POST">
File To Upload: <INPUT TYPE="file" NAME="upload-file" SIZE=35>
<INPUT TYPE="hidden" NAME="order" VALUE="1_12">

<INPUT TYPE="submit" VALUE="Attach file"></TD>
</FORM>

0
 
LVL 4

Accepted Solution

by:
jshamlin earned 50 total points
ID: 1838879
The ENCTYPE tells the CGI process what sort of data to expect so that it may porcess it correctly, but will not limit the kind of file the user may submit - I could, for example, send a GIF file encoded as plain text (or as anything else for that matter) - and so, the ENCTYPE is not a solution - it's all ones and zeroes to the gateway.

Your best solution, in this case, would be to perform error checking on the file name - more specifically, the extension.  When the user submits the form, check the filename first to make sure it has the proper extension (.gif or whatever) - stop all processing and return an error screen if it isn't.

Granted, this will not stop users from manually changing the file extension to ".gif", no matter what the input type is - and it will also be a bit troublesome to Macintosh users, whose systems don't require file extensions - but because there's no automated way to analyze the encoded file to determine its MIME type, that may be the best you can do.

Afterthought: I've never tried this, but if you can read the content of the file "on the fly", some file format information is contained within the first line or two of the file (when viewed as text) - for example, if you open a GIF with a text editor the first characters identify the type (GIF87, GIF89a, etc) and characters 6-10 of a JPEG are "JFIF" - if you can parse and evaluate that data before saving the file to the server (or whatever operation comes next), that could be a quite effective method of evaluation.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Understanding mobile browsers 9 64
Javasctipt 2 25
HTML - Color not displaying correctly in EMAIL. 6 37
Else condition 9 18
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In this tutorial viewers will learn how to style elements, such a divs, with a "drop shadow" effect using the CSS box-shadow property Start with a normal styled element, such as a div.: In the element's style, type the box shadow property: "box-shad…
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question