In order to secure file uploads should be check MIME types file, I use the following code but the worst scenario happens:
<?php
function getMimeType( $file ) {
$realpath = realpath( $file );
if (
$realpath
&& function_exists( 'finfo_file' )
&& function_exists( 'finfo_open' )
&& defined( 'FILEINFO_MIME_TYPE' )
) {
return finfo_file( finfo_open( FILEINFO_MIME_TYPE ), $realpath );
} elseif ( function_exists( 'mime_content_type' ) ) {
return mime_content_type( $file );
} else {
// Worst-case scenario has happened, use the file extension to infer the mime-type
$ext = strtolower( pathinfo( $file, PATHINFO_EXTENSION ) );
if ( isset( self::$mimeTypes[$ext] ) ) {
return self::$mimeTypes[$ext];
}
}
return false;
}
?>
Do yii solution or php solution to obtain the actual MIME type fo file?