Mimetype matching with filename extension validation

I want to create an auploader script and I want to define a few allowed file types to be uploaded, to prevent trick by renaming the file extension I use this array: http://stackoverflow.com/questions/7519393/php-mime-types-list-of-mime-types-publically-available
first it checks if file extension is allowed (e.g. .xsl) then it uses finfo to get mimtype to check with that array to see if mimetype matches the extension.
I uploaded an .xsl file, finfo retruns file type as application/octet-stream but the array for xsl extension returns application/x-msexcel so it will not be equal and not validated.

should I actually forget about mimetype matching with filename extension validator for the script? or what should I do?

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.