N-Bomb(Nerd) Posted May 27, 2009 Share Posted May 27, 2009 First of all, would using the function getimagesize() be a sure fire way to see if an uploaded file is actually an image? Besides the obvious 'mime' type, what else could I use to be sure it's actually an image? Also, is there actually a way someone could "embed" malicious code inside of an image and have it execute on my server? Quote Link to comment Share on other sites More sharing options...
BK87 Posted May 27, 2009 Share Posted May 27, 2009 mime is plenty enough... plus someone injecting code into an image file, is not unreal, but chances of it actually being run are almost none... I mean if you coding runs the image file through bash then your code is horrible. Quote Link to comment Share on other sites More sharing options...
N-Bomb(Nerd) Posted May 27, 2009 Author Share Posted May 27, 2009 mime is plenty enough... plus someone injecting code into an image file, is not unreal, but chances of it actually being run are almost none... I mean if you coding runs the image file through bash then your code is horrible. Well, I just like being sure as I have some stuff on my server that really isn't meant for anybody else to see.. I don't want to get hacked and have all my shit leaked just because of an image uploader on one of my websites. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.