Image upload security - reprocess with GD

前端未结

关注

 2  1674

I\'ve heard that the best way to handle uploaded images is to \"re-process\" them using the GD library and save the processed image. see: PHP image upload secu

相关标签:

2条回答

失恋的感觉

2020-12-18 09:13

function isvalidjpeg($file) 
{ 
$finfo = finfo_open(FILEINFO_MIME_TYPE);
return is_resource($finfo) && 
       (finfo_file($finfo, $file) === 'image/jpeg') && 
       finfo_close($finfo);
}
if(isvalidjpeg($_FILES['file']['tmp_name'])) {
   $newIm = @imagecreatefromjpeg($_FILES['file']['tmp_name']); .....

0 讨论(0)

伪装坚强ぢ

2020-12-18 09:25
If the user uploads a JPEG file, you could do something like this to reprocess it:
```
$newIm = @imagecreatefromjpeg($_FILES['file']['tmp_name']);
if (!$newIm) {
    // gd could not create an image from the source
    // most likely, the file was not a valid jpeg image
}
```
You could then discard the $newIm image using imagedestroy() and use the uploaded file from the user, or save out the image from GD and use that. There could be some issues with saving the GD image as it is not the original image.

Another simple method would be to check the header (first several bytes) of the image file to make sure it is correct; for example all JPEG files begin with 0xff 0xd8.

See also imagecreatefromstring(), and you can also use getimagesize() to run similar checks on the uploaded image.
0 讨论(0)
发布评论:

提交评论
- 加载中...