Zend\Validator\File\MimeType checks the MIME type of files. It will assert true when a given file matches any defined MIME type.

This validator is inversely related to the ExcludeMimeType validator


This component will use the FileInfo extension if it is available. If it's not, it will degrade to the mime_content_type() function. And if the function call fails, it will use the MIME type which is given by HTTP. You should be aware of possible security problems when you do not have FileInfo or mime_content_type() available; the MIME type given by HTTP is not secure and can be easily manipulated.

Supported Options

The following set of options are supported:

Basic Usage

use Zend\Validator\File\MimeType;

// Only allow 'gif' or 'jpg' files
$validator = new MimeType('image/gif,image/jpg');

// ... or with array notation:
$validator = new MimeType(['image/gif', 'image/jpg']);

// ... or restrict to  entire group of types:
$validator = new MimeType(['image', 'audio']);

// Specify a different magicFile:
$validator = new MimeType([
    'mimeType' => ['image/gif', 'image/jpg'],
    'magicFile' => '/path/to/magicfile.mgx',

// Enable HTTP header scanning (do not do this!):
$validator = new MimeType([
    'mimeType' => ['image/gif', 'image/jpg'],
    'enableHeaderCheck' => true,

// Perform validation
if ($validator->isValid('./myfile.jpg')) {
    // file is valid

Validating MIME groups is potentially dangerous

Allowing "groups" of MIME types will accept all members of this group, even if your application does not support them. For instance, When you allow image you also allow image/xpixmap and image/vasa, both of which could be problematic.