MimeType validator checks the MIME type of
transferred files. It supports the following options:
*: Sets any key or use a numeric array. Sets the MIME type to validate against.
Defines the MIME type of files to be accepted.
headerCheck: If set to
TRUEthis option will check the HTTP Information for the file type when the fileInfo or mimeMagic extensions can not be found. The default value for this option is
magicfile: The magicfile to be used.
With this option you can define which magicfile to use. When it's not set or empty, the MAGIC constant will be used instead. This option is available since Zend Framework 1.7.1.
This validator accepts multiple MIME type, either as a
comma-delimited string, or as an array. You may also use the methods
getMimeType() to set and retrieve MIME
You can also set the magicfile which shall be used by fileinfo with the 'magicfile'
option. Additionally there are convenient
getMagicFile() methods which allow later setting and retrieving
of the magicfile parameter. This methods are available since Zend Framework 1.7.1.
Example 410. Using the MimeType Validator
$upload = new Zend_File_Transfer();
// Limit the MIME type of all given files to gif images
$upload->addValidator('MimeType', false, 'image/gif');
// Limit the MIME type of all given files to gif and jpeg images
$upload->addValidator('MimeType', false, array('image/gif', 'image/jpeg');
// Limit the MIME type of all given files to the group images
$upload->addValidator('MimeType', false, 'image');
// Use a different magicfile
'magicfile' => '/path/to/magicfile.mgx'));
The above example shows that it is also possible to limit the accepted MIME type to a group of MIME types. To allow all images just use 'image' as MIME type. This can be used for all groups of MIME types like 'image', 'audio', 'video', 'text, and so on.
Note that allowing groups of MIME types will accept all members of this group even if your application does not support them. When you allow 'image' you will also get 'image/xpixmap' or 'image/vasa' which could be problematic. When you are not sure if your application supports all types you should better allow only defined MIME types instead of the complete group.
This component will use the
FileInfo extension if it is
available. If it's not, it will degrade to the
mime_content_type() function. And if the function call
fails it will use the MIME type which is given by
You should be aware of possible security problems when you have whether
available. The MIME type given by HTTP is not
secure and can be easily manipulated.