getimagesize's detection accuracy: 50/50 trickable?
Posted: Thu Aug 21, 2008 5:26 pm
I've been validating client data (image uploads to be used as avatars) and I've noticed that it seems I can trick getimagesize about fifty percent of the time by simply renaming the file extension from/to GIF/JPG/PNG. It's obviously important to check the file extension and I figured it'd help to utilize getimagesize's third array item to help determine the file's mime. I'm interested in thoughts about this topic and anything else I should take into consideration about dealing with uploaded files that are intended to be used only as the user's avatar.
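An added example, not part of the original post: one way to validate an avatar so that the stored type and file name come from the file's content rather than from the extension the client sent. The `check_avatar` function, the `ALLOWED` list and the `MAX_SIDE` limit are assumptions made for this sketch, and the sample files are constructed; in an upload handler `$path` would be the `tmp_name` entry from `$_FILES` and the file would be moved with `move_uploaded_file()`.

```php
<?php
// Added example: the stored type comes from the file content, never from the client's file name.
const ALLOWED = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];
const MAX_SIDE = 512; // assumed avatar size limit

function check_avatar(string $path, string $clientName): array
{
    $info = @getimagesize($path);              // parses the header only
    if ($info === false) {
        return ['ok' => false, 'reason' => 'not a recognised image'];
    }
    [$width, $height, $type] = $info;          // index 2 is an IMAGETYPE_* constant
    if (!isset(ALLOWED[$type])) {
        return ['ok' => false, 'reason' => 'image type not allowed'];
    }
    if ($width < 1 || $height < 1 || $width > MAX_SIDE || $height > MAX_SIDE) {
        return ['ok' => false, 'reason' => 'dimensions out of range'];
    }
    // Decode the whole file with GD; a valid header on a broken body fails here.
    $image = @imagecreatefromstring(file_get_contents($path));
    if ($image === false) {
        return ['ok' => false, 'reason' => 'image data does not decode'];
    }
    $claimed = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    $claimed = $claimed === 'jpeg' ? 'jpg' : $claimed;
    return [
        'ok'       => true,
        'detected' => ALLOWED[$type],
        'renamed'  => $claimed !== ALLOWED[$type],   // extension disagrees with content
        // Server-generated name and extension; nothing from $clientName is reused.
        'store_as' => bin2hex(random_bytes(16)) . '.' . ALLOWED[$type],
    ];
}

// Constructed samples: a GIF uploaded as "avatar.jpg", and plain text uploaded as "avatar.png".
$gifPath = tempnam(sys_get_temp_dir(), 'av');
$gif = imagecreate(8, 8);
imagecolorallocate($gif, 200, 30, 30);
imagegif($gif, $gifPath);
$txtPath = tempnam(sys_get_temp_dir(), 'av');
file_put_contents($txtPath, "this is not an image\n");

var_dump(check_avatar($gifPath, 'avatar.jpg'));
var_dump(check_avatar($txtPath, 'avatar.png'));
unlink($gifPath);
unlink($txtPath);
```

Re-encoding the decoded image with `imagepng()` or `imagejpeg()` before storing it also drops any bytes that are not part of the picture.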