Image uploads/creating images
Posted: Sun Dec 16, 2007 4:13 pm
Hi all,
I am currently looking into image upload scripts, and the security around allowing users to do so.
There seems to be quite a few methods, some more secure then others.
I looked into image generation in PHP, and how you can reproduce an image based off another image.
My question - if I produced a script that took the image uploaded by the user, and then resaved this image (type depending on which type they uploaded) using PHP - would this not ensure that we are only uploading images and not risky user files?
e.g imagecreatefromgif($tempname)
Maybe also some slight resizing too, is the image is over a certain dimension.
Any feedback regarding this, and image upload would be great
Thanks
I am currently looking into image upload scripts, and the security around allowing users to do so.
There seems to be quite a few methods, some more secure then others.
I looked into image generation in PHP, and how you can reproduce an image based off another image.
My question - if I produced a script that took the image uploaded by the user, and then resaved this image (type depending on which type they uploaded) using PHP - would this not ensure that we are only uploading images and not risky user files?
e.g imagecreatefromgif($tempname)
Maybe also some slight resizing too, is the image is over a certain dimension.
Any feedback regarding this, and image upload would be great
Thanks