php upload an image after modifying its extension

103 views Asked by At

I'm working my way through input filtering (files) and I just discovered that if you rename a .jpg file into a .png file the MIME type will change automatically to fit the extension. So I was thinking, in that case what's the point of checking the MIME type ? (I know that it can be changed by the client which is a serious drawback too, but I'm checking it "for fun")

1

There are 1 answers

2
Piskvor left the building On BEST ANSWER

Well, for one, the content of the file doesn't change; so if you actually check the type yourself (instead of blindly trusting user-submitted data), you'll see it's just a misnamed file.

As for the user-supplied MIME-type, checking that is an exercise in futility, yes.