Not really...if they upload a file with .jpg extension that is
actually a windows exe file containing malware it might be *your*
lookout. Windows might be a bit smarter about this sort of thing these
days (I hope) but I wouldn't rely on it.
I'd suggest you send it to the server and use a CGI to check it's type
once it's there, and overwrite the file extension (or delete it) if
need be. Both perl and PHP have modules for reading a file and
returning it's actual type (File::MimeInfo::Magic and FileInfo
respectively), as does Java.
File extensions are not a safe or adequate way to determine file type.
Non-MS OSs don't use them to decide what data is inside a file and you
shouldn't trust them either.
Guy
On 18/01/2009, at 12:10 AM, Paul Andrews wrote:
----- Original Message -----
From: "oneworld95" <[email protected]>
To: <[email protected]>
Sent: Friday, January 16, 2009 9:21 PM
Subject: [flexcoders] Get file type before upload
> Hi. Is there a way to discover the file type before you do an upload
> on a FileReference object? I know we can read the file extension but
> users can fiddle with that. Is there a way to read something on the
> file to ensure it's an image type of JPG, PNG, or GIF? Thanks.
Not as far as I know. If users mess up file extensions for upload,
it's
their lookout, surely?
Paul
