Fixing OpenDocument MIME magic on Linux
by Sander MarechalWhen working on the beta of Officeshots.org I ran into an interesting problem with file type and MIME type detection of OpenDocument files. When a user uploads an ODF file to Officeshots I want to determine the MIME type myself using the PHP Fileinfo extension. Windows user who do not have any ODF supporting applications installed will report ODF files as application/zip which is of no use to me. In addition, a malicious user could attempt to upload an executable file and report the MIME type as ODF file.
On Linux, the PHP Fileinfo extension relies on the magic file that is provided by the file package. The magic file contains a series of tests that can determine the file type and MIME type of a file by its contents. I found out that the magic file is incomplete for OpenDocument files. Below I will show you what is wrong with the magic file and how you can fix it.
Update 2009-06-29: I have now also created a patch against the original upstream file-5.0.3.
Book Review: Practical CakePHP Projects
by Sander MarechalCakePHP has rapidly been gaining mindshare as a powerful and easy to use MVC framework for PHP. Mimicking Ruby on Rails, it allows developers to quickly prototype and build database driven websites and web applications. With increased popularity books usually follow. “Practical CakePHP Projects” by Kai Chan and John Omokore is one such book. It is aimed at advanced PHP developers who have some experience with CakePHP and builds on books like “Beginning CakePHP” (Apress, 2008). The book promised to show how to build practical, real-world web applications using the CakePHP frameworks.
Unfortunately “Practical CakePHP Projects” only partially succeeds in that. It is refreshing to see how applications are built that are different from the proverbial “blog” or “store” example (though both are used in the first chapters), but I find myself disagreeing often with how these applications are built. The chosen solutions often seem to work against the framework instead of going with it.
This article was originally posted at LXer Linux News.
