We help IT Professionals succeed at work.

MIME Types

goweb
goweb asked
on
Medium Priority
288 Views
Last Modified: 2013-12-03
When I use the INPUT TYPE=file tage I want to use also the ACCEPT element and restrict the browser to accept only one type of fiel (for example: image/gif) But even though I restricted the browser to image/tiff, he accepted everything. Is there a solution?
Comment
Watch Question

Commented:
Please give an example of your HTML form code so we have a better idea of what went wrong...

Author

Commented:
here is an example of my html tags:

<FORM ENCTYPE="multipart/form-data" ACTION="/web_office/upload.pl" METHOD="POST">
File To Upload: <INPUT TYPE="file" NAME="upload-file" SIZE=35>
<INPUT TYPE="hidden" NAME="order" VALUE="1_12">

<INPUT TYPE="submit" VALUE="Attach file"></TD>
</FORM>

Commented:
The ENCTYPE tells the CGI process what sort of data to expect so that it may porcess it correctly, but will not limit the kind of file the user may submit - I could, for example, send a GIF file encoded as plain text (or as anything else for that matter) - and so, the ENCTYPE is not a solution - it's all ones and zeroes to the gateway.

Your best solution, in this case, would be to perform error checking on the file name - more specifically, the extension.  When the user submits the form, check the filename first to make sure it has the proper extension (.gif or whatever) - stop all processing and return an error screen if it isn't.

Granted, this will not stop users from manually changing the file extension to ".gif", no matter what the input type is - and it will also be a bit troublesome to Macintosh users, whose systems don't require file extensions - but because there's no automated way to analyze the encoded file to determine its MIME type, that may be the best you can do.

Afterthought: I've never tried this, but if you can read the content of the file "on the fly", some file format information is contained within the first line or two of the file (when viewed as text) - for example, if you open a GIF with a text editor the first characters identify the type (GIF87, GIF89a, etc) and characters 6-10 of a JPEG are "JFIF" - if you can parse and evaluate that data before saving the file to the server (or whatever operation comes next), that could be a quite effective method of evaluation.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.