Infer the mime type for the uploaded files from their byte contents instead of their extension

[adamziel]

#48 Introduced a support for file uploads. Unfortunately, it infers the Content-type based on the file extension. This is unsafe, unreliable, and may lead to code execution vulnerabilities if a PHP file is uploaded with a different extension. Let's infer the Content-type from the file contents instead of its extension.

[adamziel]

Let’s not implement this. PHP normally goes with whatever content type the browser provides:

The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted