Protect file upload (size and filetypes limits)

I have a REST API written in PHP and based on Slim Framework.

use Slim\Http\UploadedFile;
$uploadedFiles = $request->getUploadedFiles();
$uploadedFile = $uploadedFiles['myFileName'];

How should I protect the file uploading script? I want not only to set limits on file size but also to protect my web server from uploads of anything except images (jpg, png). What are the best practices for file uploading scripts in Slim?

There isn’t anything unique to Slim I can think of-- you would follow the same security guidelines as you would for any other web application.
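As an added example (not code from this thread or from the Slim project), here is one way to apply those general guidelines to the upload in the question. The function name `storeImageUpload`, the 2 MiB limit and the `$targetDir` parameter are assumptions; it expects a project with `psr/http-message` installed, whose `UploadedFileInterface` Slim's `UploadedFile` implements.

```php
<?php
// Added example: validate an uploaded image by content, then store it
// under a server-chosen name. Names and limits here are hypothetical.
use Psr\Http\Message\UploadedFileInterface;

const MAX_BYTES = 2 * 1024 * 1024; // assumed limit: 2 MiB
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

/**
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function storeImageUpload(UploadedFileInterface $file, string $targetDir): string
{
    if ($file->getError() !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, error code ' . $file->getError());
    }
    $size = $file->getSize();
    if ($size === null || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('File is empty or larger than the limit');
    }

    // Detect the type from the bytes. getClientMediaType() and the client
    // file name come from the sender and are not used for the decision.
    $bytes = (string) $file->getStream();
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    $extension = ALLOWED_TYPES[$mime] ?? null;
    if ($extension === null) {
        throw new RuntimeException('Only JPEG and PNG images are accepted');
    }

    // The data must also parse as an image of the same detected type.
    $info = @getimagesizefromstring($bytes);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('File is not a valid image');
    }

    // Random name plus a server-chosen extension: the client controls
    // neither the path nor the extension (for example .php).
    $name = bin2hex(random_bytes(16)) . '.' . $extension;
    $file->moveTo(rtrim($targetDir, '/') . '/' . $name);

    return $name;
}
```

Call it with `$uploadedFiles['myFileName']` and a `$targetDir` outside the document root, since a file that parses as an image can still carry other content. PHP's `upload_max_filesize` and `post_max_size` settings cap the request before this code runs, so keep them in line with the limit used here.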


Is there a way to upload ‘application/octet-stream’, ‘application/x-x509-ca-cert’?
I tried, not working …

Big thank you!

I notice that public function getMimetype() is returning ‘text/plain’ for ‘application/octet-stream’, ‘application/x-x509-ca-cert’ files.

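public function getMimetype()
{
    // Detect the type once from the file's content and cache it.
    if (!isset($this->mimetype)) {
        $finfo = new \finfo(FILEINFO_MIME);
        // FILEINFO_MIME returns "type; charset=...", so keep only the type.
        $mimetype = $finfo->file($this->getPathname());
        $mimetypeParts = preg_split('/\s*[;,]\s*/', $mimetype);
        $this->mimetype = strtolower($mimetypeParts[0]);
    }

    return $this->mimetype;
}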

Strange! …