getimagesize's detection accuracy: 50/50 trickable?
- JAB Creations
I've been validating client data (image uploads to be used as avatars) and I've noticed that it seems I can trick getimagesize about fifty percent of the time by simply renaming the file extension from/to GIF/JPG/PNG. It's obviously important to check the file extension, and I figured it'd help to utilize getimagesize's third array item to help determine the file's MIME type. I'm interested in thoughts about this topic and anything else I should take into consideration about dealing with uploaded files intended only to be used for the user's avatar.
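
An added example, not part of the original post: one way to cross-check the type getimagesize() detects from the file content against the extension the client supplied, and to store the upload under a server-chosen extension. The function name `avatar_extension` is hypothetical and the sample GIF is constructed for the demonstration.

```php
<?php
/**
 * Added example (hypothetical helper, not code from the original post).
 * Returns the extension to store the avatar under, or null if rejected.
 * $tmpPath is the uploaded temp file, $clientName the name the browser sent.
 */
function avatar_extension(string $tmpPath, string $clientName): ?string
{
    // IMAGETYPE_* constant (index 2 of getimagesize's result) mapped to
    // the only extensions accepted for that type.
    $allowed = [
        IMAGETYPE_GIF  => ['gif'],
        IMAGETYPE_JPEG => ['jpg', 'jpeg'],
        IMAGETYPE_PNG  => ['png'],
    ];

    // getimagesize() inspects the file's bytes; the file name is not consulted.
    $info = @getimagesize($tmpPath);
    if ($info === false || !array_key_exists($info[2], $allowed)) {
        return null;                      // not a GIF/JPEG/PNG by content
    }

    // Reject uploads whose claimed extension disagrees with the content.
    $claimed = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($claimed, $allowed[$info[2]], true)) {
        return null;
    }

    // Canonical extension chosen server-side, never taken from the client.
    return $allowed[$info[2]][0];
}

// Constructed sample: a 1x1 GIF written to a temp file, then checked with
// a matching and a mismatching client file name.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$tmp = tempnam(sys_get_temp_dir(), 'ava');
file_put_contents($tmp, $gif);

var_dump(avatar_extension($tmp, 'me.gif'));   // content and extension agree
var_dump(avatar_extension($tmp, 'me.png'));   // content is GIF, name claims PNG
unlink($tmp);
```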