N-Bomb(Nerd) Posted May 27, 2009 Share Posted May 27, 2009 First of all, would using the function getimagesize() be a sure fire way to see if an uploaded file is actually an image? Besides the obvious 'mime' type, what else could I use to be sure it's actually an image? Also, is there actually a way someone could "embed" malicious code inside of an image and have it execute on my server? Link to comment https://forums.phpfreaks.com/topic/159799-getimagesize-question/ Share on other sites More sharing options...
BK87 Posted May 27, 2009 Share Posted May 27, 2009 mime is plenty enough... plus someone injecting code into an image file, is not unreal, but chances of it actually being run are almost none... I mean if you coding runs the image file through bash then your code is horrible. Link to comment https://forums.phpfreaks.com/topic/159799-getimagesize-question/#findComment-842859 Share on other sites More sharing options...
N-Bomb(Nerd) Posted May 27, 2009 Author Share Posted May 27, 2009 mime is plenty enough... plus someone injecting code into an image file, is not unreal, but chances of it actually being run are almost none... I mean if you coding runs the image file through bash then your code is horrible. Well, I just like being sure as I have some stuff on my server that really isn't meant for anybody else to see.. I don't want to get hacked and have all my shit leaked just because of an image uploader on one of my websites. Link to comment https://forums.phpfreaks.com/topic/159799-getimagesize-question/#findComment-843368 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.