I have an uploader which has file format validation (only some video formats can be uploaded).
However users can simply change the original file name extension and pass the validation (e.g. rename file.pdf to file.mov and upload)!
Now I need to check and validate if the file format matches the file extension or not. The backend is Python (Django), but I am not sure if this can be done via Payton, Javascript or any other solution.
I have an uploader which has file format validation (only some video formats can be uploaded).
However users can simply change the original file name extension and pass the validation (e.g. rename file.pdf to file.mov and upload)!
Now I need to check and validate if the file format matches the file extension or not. The backend is Python (Django), but I am not sure if this can be done via Payton, Javascript or any other solution.
Share Improve this question edited Aug 14, 2014 at 10:52 jonrsharpe 122k30 gold badges268 silver badges475 bronze badges asked Aug 14, 2014 at 10:50 CarmijoonCarmijoon 4855 silver badges11 bronze badges3 Answers
Reset to default 8In python you can use python-magic
Quote from the Readme:
python-magic is a python interface to the libmagic file type identification library. libmagic identifies file types by checking their headers according to a predefined list of file types.
It analyses the file header instead of using only the file extension to recognise the file type.
The usage is simple:
>>> import magic
>>> magic.from_file('renamed.pdf')
'ISO Media, Apple QuickTime movie'
# More handy
>>> magic.from_file('renamed.pdf', mime=True)
'video/quicktime'
If you would like to do this via Javascript, you can get the mime type of the selected file and do the check in the frontend. The advantage of this is that you won't need to upload the file to server for initial validations. Based on this, the mime type for .mov files is 'video/quicktime'. This is much difficult for a user to modify than changing the file extension.
Also take note of Mathias' answer. It is important to validate the uploaded file in the backend server as well. :)
Here is a demo of file validation using Javascript.
$('#movieFile').change(function() {
var file = $('#movieFile')[0].files[0];
var filename = file.name;
var fileMimeType = file.type;
var fileExtension = filename.split('.').pop();
if (isValidMimeType(fileMimeType)) {
console.log('good file');
} else {
console.log('bad file');
}
});
function isValidMimeType(fileMimeType) {
// mime type of .mov files
var validFileMimeTypes = [ 'video/quicktime' ];
for (var i = 0; i < validFileMimeTypes.length; i++) {
if (validFileMimeTypes[i].toLowerCase() === fileMimeType.toLowerCase()) {
return true;
}
}
return false;
}
adding to Mathias' answer using python-magic you could do this instead
file_type = magic.from_buffer(upload.file.read(1024), mime=True)
this would not require saving the file to get it's mime