Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). UI Patterns (SDC in Drupal UI) 2.0.18 Minor update available for module ui_patterns (2.0.18). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

This module enhances file uploads by performing more secure server-side validation. It checks the file's true MIME type against allowed extensions, rather than relying solely on the file name. This provides a more robust security measure for uploaded files.

This is a very simple and small module which performs a server side validation for the extension of an uploaded file of any content type's file field. Default drupal 7 file validation is performed by file_validate_extensions which only relies on the file name extension.
'File Upload Secure Validator' uses the php library 'fileinfo' and is dependent on that. Therefore the server hosting the drupal instance should have this library enabled. Through this php lib we can perform a more secure and reliable check on the file's mime type and compare that to the allowed file extensions, as these are set by the admin within the content type's field settings.

This module is useful when we need to enforce a maximum security mime type detection.

Dependencies
The module depends on the php library fileinfo. Please make sure this library is present and enabled on the server.

Installation
Install module like usual. No special installation considerations

Configuration
No configuration options. After enabling the module, it will perform an alternative server side extension validation on every uploaded file of every content type file field.

Activity

Total releases
5
First release
Dec 2025
Latest release
2 months ago
Releases (12 mo)
5 ▲ from 0
Maintenance
Active

Release Timeline

Releases

Version Type Release date
2.2.2 Stable May 15, 2026
2.1.1 Stable May 14, 2026
2.2.1 Stable Dec 19, 2025
2.2.0 Stable Dec 19, 2025
2.2.x-dev Dev Dec 19, 2025