PhpRiot
Become Zend Certified

Prepare for the ZCE exam using our quizzes (web or iPad/iPhone). More info...


When you're ready get 7.5% off your exam voucher using voucher CJQNOV23 at the Zend Store

Zend_File_Transfer

MimeType validation

For security reasons we had to turn off the default fallback mechanism of the MimeType, ExcludeMimeType, IsCompressed and IsImage validators. This means, that if the fileInfo or magicMime extensions can not be found, the validation will always fail.

If you are in need of validation by using the HTTP fields which are provided by the user then you can turn on this feature by using the enableHeaderCheck() method.

Security hint

You should note that relying on the HTTP fields, which are provided by your user, is a security risk. They can easily be changed and could allow your user to provide a malcious file.

Example 1078. Allow the usage of the HTTP fields

// at initiation
$valid = new Zend_File_Transfer_Adapter_Http(array('headerCheck' => true);

// or afterwards
$valid->enableHeaderCheck();

Zend Framework