file_mime_type_enforcer
The File Mime Type Enforcer module allows for easy UI configuration in the JSON format. Each supported file extension is mapped to alternative file mime types to enhance file security during uploads. Additionally, the module features a drush command to audit existing files local to the system and will generate log entries for any failed validations as well as display them onscreen, if so desired..
Features
- Dual MIME Detection: Compares Drupal's extension-based detection with Symfony's content-based analysis
- Security Protection: Blocks files where extension doesn't match actual content (e.g., PHP files renamed as .jpg)
- Configurable Alternatives: Define acceptable MIME type variations per file extension
- Flexible Validation: Strict mode (reject mismatches) or permissive mode (log only)
- Audit Command: Scan existing files for MIME type discrepancies
Post-Installation
Enable the module via drush en file_mime_type_enforcer or at /admin/modules and modify the configuration at /admin/config/media/file-mime-type-enforcer.
Additional Requirements
This module requires the PHP fileinfo extension. You can verify if it is installed with php -m | grep fileinfo
Similar projects
The File Upload Secure Validator module also utilizes the PHP fileinfo library, but features a different method of configuration. The File Mime Type Enforcer module configuration maps the supported file extensions to their respective alternative mapping and in addition also includes a drush command for auditing of existing files within the system (if needed).