getimagesize's detection accuracy: 50/50 trickable?


Post by JAB Creations »

I've been validating client data (image uploads to be used as avatars) and I've noticed that it seems I can trick getimagesize about fifty percent of the time by simply renaming the file extension from/to GIF/JPG/PNG. It's obviously important to check the file extension and I figured it'd help to utilize getimagesize's third array item to help determine the file's mime. I'm interested in thoughts about this topic and anything else I should take into consideration about dealing with uploaded files intended though only may be used for the user's avatar.
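An added example, not part of the original post: one way to compare the client-supplied extension with the type getimagesize reports from the file contents, and to store the upload under the detected type only. The function name `inspect_avatar`, the 512-pixel limit, the file name `portrait.jpg` and the sample bytes are assumptions made for the illustration.

```php
<?php
// Added example: decide the avatar's type from its contents, not from its name.
// Allowlist of IMAGETYPE_* values (index 2 of getimagesize's result) => canonical extension.
const ALLOWED_TYPES = [
    IMAGETYPE_GIF  => 'gif',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
];
const MAX_DIMENSION = 512; // assumed avatar limit, in pixels

/** Returns the detected type and dimensions, or throws if the file is not an acceptable avatar. */
function inspect_avatar(string $path, string $clientName): array
{
    $info = @getimagesize($path); // parses the file header; the file name is not consulted
    if ($info === false) {
        throw new RuntimeException('not a recognisable image');
    }
    [$width, $height, $type] = $info;
    if (!isset(ALLOWED_TYPES[$type])) {
        throw new RuntimeException('image type not allowed');
    }
    if ($width < 1 || $height < 1 || $width > MAX_DIMENSION || $height > MAX_DIMENSION) {
        throw new RuntimeException('dimensions out of range');
    }
    $clientExt = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($clientExt === 'jpeg') {
        $clientExt = 'jpg';
    }
    return [
        'ext'          => ALLOWED_TYPES[$type], // store under this, never the client's extension
        'mime'         => $info['mime'],
        'width'        => $width,
        'height'       => $height,
        'name_matches' => $clientExt === ALLOWED_TYPES[$type],
    ];
}

// Constructed sample: a 1x1 GIF saved under a misleading ".jpg" client name.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$tmp = tempnam(sys_get_temp_dir(), 'avatar');
file_put_contents($tmp, $gif);
$result = inspect_avatar($tmp, 'portrait.jpg');
unlink($tmp);
printf("detected=%s mime=%s name_matches=%s\n",
    $result['ext'], $result['mime'], var_export($result['name_matches'], true));
```

getimagesize only parses the header, so a passing result says nothing about the rest of the file; decoding and re-saving the image with GD before storing it is a common additional step.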