about the upload file validate

hello:   I have a method like following:   def file=(file_field)     #remember to validate the content type     File.open("#{RAILS_ROOT}/public/images/users/#     {file_field.original_filename}","wb+") do|i|       i.write(file_field.read)     end     self.photo="/images/users/"+file_field.original_filename   end

  i want to use it to upload the image file locally,but how do i make sure that the uploaded file is image file?   if use the validate_format_of method,i wonder its ability,because any file can pass its validate as long as the file is named like a image,such as .jpg.   or use the file_field.content_type to manage the validate?If this way,how to write the code?

None of these mimetype based methods do anything else but check the file extension as far as I know.

As a first step we would trust our customers not to rename textfiles and upload them as images. If somebody should do it more than once, we would most likely lock his account. But we never had any trouble of that kind.

If you must make sure, that you have an real image file, maybe you can use a tool like RMagick, open it and try to access some of the internal binary data like size, to see if RMagick gives an error.

Thorsten Mueller wrote:

None of these mimetype based methods do anything else but check the file extension as far as I know.

As a first step we would trust our customers not to rename textfiles and upload them as images. If somebody should do it more than once, we would most likely lock his account. But we never had any trouble of that kind.

If you must make sure, that you have an real image file, maybe you can use a tool like RMagick, open it and try to access some of the internal binary data like size, to see if RMagick gives an error.

Thank you!I had thought there was a easy and well_known way to do it.