Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). Varbase Media Header 9.2.1 Minor update available for module varbase_media_header (9.2.1). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Content Translation Redirect Module content_translation_redirect crossed 1,000 active installs.

File Mime Type Enforcer

4 sites No security coverage
View on drupal.org

This module enhances file upload security by allowing administrators to configure acceptable MIME types for different file extensions through a user interface. It compares the file's extension with its actual content, blocking or logging mismatches to prevent malicious file uploads. The module also includes a Drush command to audit existing files on the system for any MIME type discrepancies.

The File Mime Type Enforcer module allows for easy UI configuration in the JSON format. Each supported file extension is mapped to alternative file mime types to enhance file security during uploads. Additionally, the module features a drush command to audit existing files local to the system and will generate log entries for any failed validations as well as display them onscreen, if so desired..

Features

  • Dual MIME Detection: Compares Drupal's extension-based detection with Symfony's content-based analysis
  • Security Protection: Blocks files where extension doesn't match actual content (e.g., PHP files renamed as .jpg)
  • Configurable Alternatives: Define acceptable MIME type variations per file extension
  • Flexible Validation: Strict mode (reject mismatches) or permissive mode (log only)
  • Audit Command: Scan existing files for MIME type discrepancies

Post-Installation

Enable the module via drush en file_mime_type_enforcer or at /admin/modules and modify the configuration at /admin/config/media/file-mime-type-enforcer.

Additional Requirements

This module requires the PHP fileinfo extension. You can verify if it is installed with php -m | grep fileinfo

Similar projects

The File Upload Secure Validator module also utilizes the PHP fileinfo library, but features a different method of configuration. The File Mime Type Enforcer module configuration maps the supported file extensions to their respective alternative mapping and in addition also includes a drush command for auditing of existing files within the system (if needed).

Activity

Total releases
4
First release
Sep 2025
Latest release
1 week ago
Releases (12 mo)
4 ▲ from 0
Maintenance
Active

Release Timeline

Releases

Version Type Release date
1.4.0 Stable Jul 7, 2026
1.3.2 Stable Nov 4, 2025
1.0.0 Stable Oct 8, 2025
1.0.x-dev Dev Sep 26, 2025