Hello.
I found some issues about how the script get the file mime type and extension:
1) finfo may not return the correct mime type for all files. For an mkv file I got application/octet-stream; charset=binary and the correct would be video/x-matroska; charset=binary. Different php versions may have different results and it is possible that different storage servers use different php versions. I recommend not using finfo.
2) The remote upload doesn't take the real file name from the http header. It get the name displayed in the url after the last "/". This will cause wrong file names and wrong file extensions in some links. The script should get the real file name from the header content-disposition (RFC 2616).
3) Users cannot edit file extensions and this prevent they from fixing wrong extensions created by the remote upload.
I found some issues about how the script get the file mime type and extension:
1) finfo may not return the correct mime type for all files. For an mkv file I got application/octet-stream; charset=binary and the correct would be video/x-matroska; charset=binary. Different php versions may have different results and it is possible that different storage servers use different php versions. I recommend not using finfo.
2) The remote upload doesn't take the real file name from the http header. It get the name displayed in the url after the last "/". This will cause wrong file names and wrong file extensions in some links. The script should get the real file name from the header content-disposition (RFC 2616).
3) Users cannot edit file extensions and this prevent they from fixing wrong extensions created by the remote upload.