Page 1 of 1
Uploading a non-image file and sending image type mime
Posted: Mon May 30, 2005 12:50 am
by anjanesh
According to the
PHP Manual :
$_FILES['userfile']['type']
The mime type of the file, if the browser provided this information. An example would be "image/gif".
So how do I get to change that ?
I want upload a php file and have to browser send a mime type of image/jpeg. Is that possible ?
Posted: Mon May 30, 2005 2:58 am
by Chris Corbyn
Would you mind if I ask why?
You wont be able to change anything the browser send but I guess you can overwrite it on the server side. (Not tested though).
Otherwise, just hard-code it if you're always gonna use image/jpeg

Posted: Mon May 30, 2005 3:07 am
by anjanesh
Assuming I have no access to the server.
I upload an image which is allowed. It is obviously checked on the server side for $_FILE['userfile']['type'] to see if its and image type.
I want to upload a php file (.php) and send the mime as image so that it gets accepted on the server.
Is this possible ?
The last option is change the source of FF and send it like this but Im looking for a direct method.
Posted: Mon May 30, 2005 3:11 am
by Chris Corbyn
If you're using windows I believe simply changing the extension to .jpg will do it. You'll just have to rename it again on the server.
I don't know why the host blocks PHP files though...
Posted: Mon May 30, 2005 3:28 am
by anjanesh
Im using Win XP but Apache 2.x - I think Apache handles this stuff and not the OS ?
Tried to upload a test.php but doesnt get accepted - the code checks like this :
Code: Select all
if (substr($_FILES['userfile']['type'][$i],0,5)!="image") {return 1;}
Renamed test.php to test.jpg and test.php.jpg and gets accpeted but the image doesnt show. Instead the entire php code is the source (when right-clicked in FF) and gives the error :
The image “http://localhost/xxx/test.php.jpg” cannot be displayed, because it contains errors.
I want to upload an image which gets accepted that contains this :
Code: Select all
<?php
header("Content-type: image/jpeg");
$Image = @imagecreatetruecolor(100,50);
// Create my dynamic image
@imagejpeg($Image);
?>
Posted: Mon May 30, 2005 3:42 am
by hongco
anjanesh wrote:Im using Win XP but Apache 2.x - I think Apache handles this stuff and not the OS ?
Tried to upload a test.php but doesnt get accepted - the code checks like this :
Code: Select all
if (substr($_FILES['userfile']['type'][$i],0,5)!="image") {return 1;}
Renamed test.php to test.jpg and test.php.jpg and gets accpeted but the image doesnt show. Instead the entire php code is the source (when right-clicked in FF) and gives the error :
The image “http://localhost/xxx/test.php.jpg” cannot be displayed, because it contains errors.
I want to upload an image which gets accepted that contains this :
Code: Select all
<?php
header("Content-type: image/jpeg");
$Image = @imagecreatetruecolor(100,50);
// Create my dynamic image
@imagejpeg($Image);
?>
The browser got fooled and thought it was an image file, but on the server side, your file's actual header is not.
If you can somehow make your php work right after being uploaded, I guest youcould read the server's security info
.. not sure if this link helps:
viewtopic.php?t=33208
Posted: Mon May 30, 2005 3:51 am
by anjanesh
hongco wrote:The browser got fooled and thought it was an image file, but on the server side, your file's actual header is not.
Actually this is not because of the browser - its because Apache didn't get that file parsed - it doesnt parse .php.jpg or .jpg files containing php code - it sends the entire contents directly.
Posted: Mon May 30, 2005 9:24 am
by phpScott
that's because to the server the ext .jpg is an image and .php is a php file, providing there server understands .php ext.
I'll ask agian why do you want to fool the server in this way?
if you had access to the server you get .jpg to be interpreted as php but that would ruin the .jpg's that are actually images.
Posted: Mon May 30, 2005 9:32 am
by m3mn0n
There is a reason why sites only allow specific MIME types. PHP can read/remove/move files that the owner does not want people to read/remove/move.
If you want to upload a PHP file that will generate an image, just run the script and upload the jpeg yourself.