Hi all,
I am currently looking into image upload scripts, and the security around allowing users to do so.
There seem to be quite a few methods, some more secure than others.
I looked into image generation in PHP, and how you can reproduce an image based off another image.
My question - if I produced a script that took the image uploaded by the user, and then resaved this image (type depending on which type they uploaded) using PHP - would this not ensure that we are only uploading images and not risky user files?
e.g. imagecreatefromgif($tempname)
Maybe also some slight resizing too, if the image is over a certain dimension.
Any feedback regarding this, and image upload, would be great.
Thanks
Thread: Image uploads/creating images
Original post by newbie2php (Forum Commoner).

Reply from John Cartwright (Site Admin):
> My question - if I produced a script that took the image uploaded by the user, and then resaved this image (type depending on which type they uploaded) using PHP - would this not ensure that we are only uploading images and not risky user files?

Have you tried it? There is no better way to learn than for yourself. Better yet, let us know. An alternative may be to simply use getimagesize() to determine whether the file is actually an image or masked as one. Careful though, getimagesize() can be tricked.

> Maybe also some slight resizing too, if the image is over a certain dimension.

Indeed, this is common practice.
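
Added example, not code from any poster in this thread: a sketch of the re-save approach discussed above, run against a constructed GIF that has non-image bytes appended, to compare what the getimagesize() header check accepts with what survives a GD re-encode. The helper name `reencode_image`, the 1024-pixel limit and the marker string are assumptions; `$tempname` stands in for the upload's temporary path as in the original post.

```php
<?php
// Added example: reencode_image() is a hypothetical helper, not code from the thread.
function reencode_image(string $srcPath, string $destDir, int $maxDim = 1024): ?string
{
    // Choose GD functions from the detected type, never from the client's name or MIME type.
    $codecs = [
        IMAGETYPE_GIF  => ['imagecreatefromgif',  'imagegif',  'gif'],
        IMAGETYPE_JPEG => ['imagecreatefromjpeg', 'imagejpeg', 'jpg'],
        IMAGETYPE_PNG  => ['imagecreatefrompng',  'imagepng',  'png'],
    ];
    $info = @getimagesize($srcPath);      // reads the header only, so not enough alone
    if ($info === false || !isset($codecs[$info[2]])) {
        return null;
    }
    [$load, $save, $ext] = $codecs[$info[2]];
    $img = @$load($srcPath);              // full decode into a GD image
    if ($img === false) {
        return null;
    }
    // Slight resizing: shrink proportionally when either side exceeds $maxDim.
    $w = imagesx($img);
    $h = imagesy($img);
    if (max($w, $h) > $maxDim) {
        $r = $maxDim / max($w, $h);
        $img = imagescale($img, max(1, (int) ($w * $r)), max(1, (int) ($h * $r)));
        if ($img === false) {
            return null;
        }
    }
    imagesavealpha($img, true);           // keep PNG transparency when re-saving
    // Server-generated file name; only the re-encoded pixels are written out.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return $save($img, $dest) ? $dest : null;
}

// Constructed sample input: a valid 2000x10 GIF with non-image bytes appended.
$marker = 'TRAILING-NON-IMAGE-DATA';
$tempname = tempnam(sys_get_temp_dir(), 'up');
$gif = imagecreate(2000, 10);
imagecolorallocate($gif, 255, 0, 0);
imagegif($gif, $tempname);
file_put_contents($tempname, $marker, FILE_APPEND);

var_dump(getimagesize($tempname) !== false);                  // header check on the padded file
$out = reencode_image($tempname, sys_get_temp_dir());
var_dump(strpos(file_get_contents($out), $marker) === false); // marker absent after re-encode?
var_dump(getimagesize($out)[0], getimagesize($out)[1]);       // dimensions after resizing
```

In a real upload handler the destination directory should be one the web server does not execute scripts from, and the stored name and extension should stay server-generated as in the sketch.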