Help with images...

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
CSmith1128
Forum Newbie
Posts: 2
Joined: Tue Aug 22, 2006 5:52 pm

Help with images...

Post by CSmith1128 »

hello.. i have a question..

i have a page where a user can set an image to the background of their profile.

i want to allow them to enter a url that points to the image.

is there anything that can go wrong with doing this, and if so, is there any way to prevent it?



thanks

chris
Last edited by CSmith1128 on Thu Oct 11, 2007 1:51 pm, edited 1 time in total.
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

You would want to check that the file is actually an image. I believe this function does that... I can't remember. http://us.php.net/manual/en/function.getimagesize.php
[url=http://forums.devnetwork.net/viewtopic.php?t=30037]Forum Rules[/url] Section 1.1 wrote:2. Use descriptive subjects when you start a new thread. Vague titles such as "Help!", "Why?" are misleading and keep you from receiving an answer to your question.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Hey...!
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

There's not much control you can exert on external files: they can always swap it out for something else after your PHP code does the validation. Just have them upload it and then perform some server-side validation!
Post Reply