I have a web-based tool that allows end-users to upload files and wish to determine the mimetype of the uploaded file so I can ensure that the file is safe to be uploaded.
On my localhost, a MAMP configuration, I was using PHP’s finfo_open() function, which is part of the fileinfo module. DreamHost seems to have fileinfo disabled, since I’m getting fatal errors about the aforementioned function being non-existent.
So, as any programmer would do, I looked up an alternate solution, PHP’s mime_content_type() function. This function, however, is deprecated as of PHP 5.3, and DreamHost is configured with PHP 5.4.
The next attempt after that was to try and enable the fileinfo module, but it appears that it is not possible to do so without modifying a php.ini configuration file. The documentation on the Wiki only covers VPS environments, whereas I am running this application on a shared environment. It also looks to be fairly unreliable, so I don’t want to upgrade if it doesn’t work.
More research led me to PHP’s dl() function, which is supposed to allow me install or enable an extension at runtime, but DreamHost disables this functionality, due to security concerns with it and exec().
The usual fallback is to determine the mimetype using an associative array of file extensions, but I feel this is more insecure than the functionality designed for inclusion in PHP.
What are my options?