How to get MIME-type of an image with file_get_contents in PHP
Be very careful what you do by checking only the Mime Type! If you really want to be sure that an image is actually an image, the safest way to do this is open it with an image manipulation library and write it with the library. This will both fail if the image is actually malicious code and guarantee that you are actually writing an image file to the disk. Just as an example for this, you can easily trick MIME into thinking that some malicious code is GIF.
To answer your questions more directly, use the FileInfo PECL module.
Yes, you can get it like this.
$file_info = new finfo(FILEINFO_MIME_TYPE);
$mime_type = $file_info->buffer(file_get_contents($image_url));
echo $mime_type;
If you download a file using HTTP, do not guess (aka autodetect) the MIME type. Even if you downloaded the file using file_get_contents
, you can still access HTTP headers.
Use $http_response_header
to retrieve headers of the last file_get_contents
call (or any call with http[s]://
wrapper).
$contents = file_get_contents("https://www.example.com/image.jpg");
$pattern = "/^content-type\s*:\s*(.*)$/i";
if (($header = array_values(preg_grep($pattern, $http_response_header))) &&
(preg_match($pattern, $header[0], $match) !== false))
{
$content_type = $match[1];
echo "Content-Type is '$content_type'\n";
}
Resort to the autodetections only if the server fails to provide the Content-Type
(or provides only a generic catch-all type, like application/octet-stream
).