Verifying File Type Using Only Modules from basic distribution of Perl

jerrygarciuh has asked for the wisdom of the Perl Monks concerning the following question:

I am trying to find a way to check whether an uploaded image file is what it says it is. ajt was kind enough to point me to File::MMagic which is (per ajt) "basically a Perl version of the Apache version of the Cisco version of looking for magic markers in a file, and guessing what the file is". Thing is the weenie of a sys admin refuses to install any modules no matter how useful so I am stuck with just those modules that come with the basic distribution. Can anyone recommend a path of inquiry for me? I am already making certain that the file extension is .gif, .jpg, or .png but I understand that, for instance, an HTML file given a .jpg extension will render as HTML in some browsers. So here I am. Any advice would be most welcome.
TIA
jg
_____________________________________________________
If it gets a little bit out of hand sometimes, don't let it fool you into thinkin' you don't care.TvZ

Comment on Verifying File Type Using Only Modules from basic distribution of Perl Download Code

Replies are listed 'Best First'.
Re: Verifying File Type Using Only Modules from basic distribution of Perl by runrig (Abbot) on Dec 15, 2001 at 02:05 UTC
Read the source, Luke! Like all CPAN modules, the source is freely available. You can either install the module yourself in a private directory, and put a 'use lib qw(/path/to/my/lib)' in your program, or as a last resort, copy the source right into your program. The only downside is that these lazy sysadmins create a maintanance nightmare when other people want to use the same module, and/or everyone has their own lib directories taking up disk space. Update: If the module has no XS component, and consists only of '.pm' file(s), and does not need to be AutoSplit (and File::MMagic seems to qualify), then just the '.pm' file needs to be uploaded (or just copied into your source which you upload).	[reply]
Re: Re: Verifying File Type Using Only Modules from basic distribution of Perl by jerrygarciuh (Curate) on Dec 15, 2001 at 02:10 UTC
I thought I would have to have shell access to install the module to a private diretory, no? I have only FTP access to this %^$&%^$& server run by %$^%$ jerks and paid for by my $%%^$ clinet who won't &^*^ listen to me and go with Unix at Hostways. TIA jg _____________________________________________________ If it gets a little bit out of hand sometimes, don't let it fool you into thinkin' you don't care.TvZ	[reply] [d/l]
Re: Re: Re: Verifying File Type Using Only Modules from basic distribution of Perl by mortis (Pilgrim) on Dec 15, 2001 at 02:17 UTC
As long as there are no binary compatability issues, you could build and install it to a local directory structure on your workstation that matches the remote box and recursivly ftp it up (ncftp is great for that kind of thing) to the remote box and just make use of it. It'd be nice if there was some way of building modules localy and 'deploying' them to another box....that might even make a good CPAN module.	[reply]
Re: Verifying File Type Using Only Modules from basic distribution of Perl by dws (Chancellor) on Dec 15, 2001 at 02:22 UTC
I am trying to find a way to check whether an uploaded image file is what it says it is. ... Thing is the weenie of a sys admin refuses to install any modules no matter how useful ... Figuring out whether a .JPG is really a JPEG or a .GIF is really a GIF is very easy. All you have to do is open the file, read the first few bytes, and look at the signature. Reverse engineer Image::Size or steal code from it for your script.	[reply]
Re: Verifying File Type Using Only Modules from basic distribution of Perl by tadman (Prior) on Dec 15, 2001 at 02:20 UTC
A quick-and-dirty method, though not 100% reliable, is to look for certain header signatures in the file. For example, GIF files begin with the characters "GIF", JPEG files contain "JFIF" at byte offset 6, and PNG files have "PNG" at offset 1. So, you could do something like this: `sub what_is { my ($file) = @_; my $header; open (FILE, $file) \|\| return; read (FILE, $header, 12); # Read first twelve bytes close (FILE); return unless (length($header) == 12); return "GIF" if (substr($header,0,3) eq "GIF"); return "JPEG" if (substr($header,6,4) eq "JFIF"); return "PNG" if (substr($header,1,3) eq "PNG"); return; }` [download] This worked well when I had to verify that the "GIF" files being sent to me were actually GIFs, and not just Photoshop PSD files with a ".gif" extension. It's not foolproof, since there may be an error in the image, or the key text just might appear there coincidentally.	[reply] [d/l]