Greetings,

I need some advice on safely allowing people to bulk upload products to our site using tab-delimited txt files only. My first concern is making sure the file that someone is uploading is actually a plain text file and not a hostile fake.

Here is the code I have so far for the basic errors and sanitization:
PHP Code:
$allowedExts = array("txt");
$extension end(explode("."$_FILES["ufile"]["name"]));
if (
$_FILES['ufile']['type'] != 'text/plain' || !in_array($extension$allowedExts)) {
  echo 
"Error: This is not a 'txt' file.";
  exit();
}
if (
$_FILES["ufile"]["error"] > 0)
{
  echo 
"Error: Something is wrong with this this file: ".$_FILES["ufile"]["error"];
  exit();

Let me know if this look good so far or if there needs to be anything else added here. I understand that mime_content_type is also depreciated and there is a better method out there?

Any advice would be greatly appreciated. I've never added a feature like this to my site, so this is very new to me.

Thanks