PhpRiot
Become Zend Certified

Prepare for the ZCE exam using our quizzes (web or iPad/iPhone). More info...


When you're ready get 7.5% off your exam voucher using voucher CJQNOV23 at the Zend Store

MimeType Validator

The MimeType validator checks the MIME type of transferred files. It supports the following options:

  • *: Sets any key or use a numeric array. Sets the MIME type to validate against.

    Defines the MIME type of files to be accepted.

  • headerCheck: If set to TRUE this option will check the HTTP Information for the file type when the fileInfo or mimeMagic extensions can not be found. The default value for this option is FALSE.

  • magicfile: The magicfile to be used.

    With this option you can define which magicfile to use. When it's not set or empty, the MAGIC constant will be used instead. This option is available since Zend Framework 1.7.1.

This validator accepts multiple MIME type, either as a comma-delimited string, or as an array. You may also use the methods setMimeType(), addMimeType(), and getMimeType() to set and retrieve MIME type.

You can also set the magicfile which shall be used by fileinfo with the 'magicfile' option. Additionally there are convenient setMagicFile() and getMagicFile() methods which allow later setting and retrieving of the magicfile parameter. This methods are available since Zend Framework 1.7.1.

Example 423. Using the MimeType Validator

<?php
$upload 
= new Zend_File_Transfer();

// Limit the MIME type of all given files to gif images
$upload->addValidator('MimeType'false'image/gif');

// Limit the MIME type of all given files to gif and jpeg images
$upload->addValidator('MimeType'false, array('image/gif''image/jpeg');

// Limit the MIME type of all given files to the group images
$upload->addValidator('MimeType'false'image');

// Use a different magicfile
$upload->addValidator('MimeType',
                      
false,
                      array(
'image',
                            
'magicfile' => '/path/to/magicfile.mgx'));

The above example shows that it is also possible to limit the accepted MIME type to a group of MIME types. To allow all images just use 'image' as MIME type. This can be used for all groups of MIME types like 'image', 'audio', 'video', 'text, and so on.

Note

Note that allowing groups of MIME types will accept all members of this group even if your application does not support them. When you allow 'image' you will also get 'image/xpixmap' or 'image/vasa' which could be problematic. When you are not sure if your application supports all types you should better allow only defined MIME types instead of the complete group.

Note

This component will use the FileInfo extension if it is available. If it's not, it will degrade to the mime_content_type() function. And if the function call fails it will use the MIME type which is given by HTTP.

You should be aware of possible security problems when you have whether FileInfo nor mime_content_type() available. The MIME type given by HTTP is not secure and can be easily manipulated.

Zend Framework