Page 1 of 1

checking that a URL points to an image

Posted: Sat Mar 01, 2008 5:56 am
by bobafart
how would I protect myself from an attack to ensure that a user submitted URL points to an image (either .jpg, .jpeg, .gif, .png or .ico )?

the var is of this type:

$imageURL = 'http://www.foo.com/img/myimages/dog.gif'

or

$imageURL = 'http://www.bar.com/images/home/vacation/beach.jpg'


or

$imageURL = 'http://www.foobarb.com/img/myimages/banner.png'



I dont want people submitting .exe files for instance

Re: checking that a URL points to an image

Posted: Sat Mar 01, 2008 6:07 am
by Kieran Huggins
The most reliable way to check something like this would be to get the file and test it's mimetype.

For images specifically, you can use exif_imagetype(). It will return the type of the image or FALSE if it's not an image.

If that function isn't available, you can use getimagesize() but the first method is apparently faster.

The above two methods apply to images only, for general file types you'll have to do a little more work.