I have a feature on my website that allow people to upload various types of files. I don't want people to upload bash files but I can't tell by just the file extension since a '.pdf' file could contain only bash code as far as I know. Is there a way to check for sure if a file could be run with bash ?
Use mime_content_type (http://php.net/manual/en/function.mime-content-type.php):
// #!/bin/bash
$result = mime_content_type(/path/to/exmple);
$result = 'text/x-shellscrip';
// #!/bin/sh
$result = mime_content_type(/path/to/exmple);
$result = 'text/x-shellscrip';