Why does Laravel's getMimeType() method identify a file as "application/octet-stream" when the file has the type attribute of "audio/mpeg"?
The UploadedFile object is ultimately extended from Symfony\Component\HttpFoundation\File\UploadedFile which get/sets the mimeType from The type of the file as provided by PHP.
To access that mimeType you would need to call $file->getClientMimeType()
However in the Symfony docblock for the function it suggests:
The client mime type is extracted from the request from which the file was uploaded, so it should not be considered as a safe value.
For a trusted mime type, use getMimeType() instead (which guesses the mime type based on the file content).
In your case however $file->getMimeType() which should be trusted and guesses the mime type from the contents, however it returns something as if it cannot determine the mime type, being "application/octet-stream"
Additional information
To help you decide. Basically getClientMimeType() would return the mime type that was set by the browser.
The getMimeType call guesses the mime type using two different techniques that I can see:
Using a binary mime type technique looking at the output of the following command
file -b --mime %s 2>/dev/nullif it is supported.The second technique is using the
finfo_opencommand if it does exist inside php.
If both 1. and 2. exists on your system, from what I see 2. will take preference, and 1. will be the fallback.
I personally would favour the results from getMimeType() for security. However, it would be another interesting question to ask "How reliable is browser mime type detection, and what techniques are used" :-)
Updated example
I include an example for you.
For me doing a check on a "DropboxInstalled.dmg", here are my results:
using
file -b --mime DropboxInstaller.dmgfrom a commandline (terminal) returnsapplication/octet-streamusing
finfo_openfunctionality
$finfo = new \finfo(FILEINFO_MIME_TYPE);echo $finfo->file('./DropboxInstaller.dmg');returns application/x-iso9660-image