Jump to content

Recommended Posts

After working with the sample imagecreatefromjpeg provided in the PHP manual, I successfully got a result (after clearing my cache) from

Quote

imagecreatefromjpeg($im, $file);

I've gotten a good education after navigating this function over the past week, and loaded it with ECHO messages to give me insight.

Everything was going fine.

And then, this ONE test image came along.

Apparently, the image (which is as good aj peg as I can find) FAILS the if(!im) test.

When I used echo $im;  

i discovered that when images pass through the function, they receive a "Resource" name.

Images that FAIL are NOT named.

This image gets a Resource name, yet FAILS. Is there a problem with my logic? A problem with the image? What would cause this? How can I verify?

Link to comment
https://forums.phpfreaks.com/topic/312392-imagecreatefromjpeg-failure/
Share on other sites

You can't just echo $im to view the image, you need to send a type header then output it with imagejpeg()

$im = imagecreatefromjpeg('my_image.jpg');

// output the image
header("Content-type: image/jpeg");
imagejpeg($im);

 

Quote


    $im = @imagecreatefromjpeg($file);

if($im == "")  {

echo "1";} else { echo "00"; }
   }

    //See if it failed
    if(!$im)  {
     echo "running";

 //Unaltered manipulation code from https://www.php.net/manual/en/function.imagecreatefromjpeg.php

    }

    ////return $im;

//displays RESOURCE ID
echo "<br> im is ". $im;
echo "<br>";

header('Content-Type: image/jpeg');

//imagejpeg($img);

imagejpeg($im, $file);


echo "<img src='".$file."'> ;

 

My messages that seem in conflict with the result are

Quote

1runningi

im is Resource id #19

Is there a way to validate WHY this result was given by the function?

Edited by phppup

For 1 - okay. How can I force an error message just to see how it appears?

For 2 - ok, but why does 

echo $im; 

Give me the string beginning with Resource? (I honestly wasn't expecting that result).

How can I go deeper to determine WHY a (perfectly good) image failed?

49 minutes ago, phppup said:

For 1 - okay. How can I force an error message just to see how it appears?

Make $file be a non-JPEG image.

 

49 minutes ago, phppup said:

For 2 - ok, but why does 

echo $im; 

Give me the string beginning with Resource? (I honestly wasn't expecting that result).

Because $im is a resource and if you want to echo it out then PHP needs to do something.

 

49 minutes ago, phppup said:

How can I go deeper to determine WHY a (perfectly good) image failed?

Remove the @ and look for error messages.

I've cleaned up a few things, but this error message remains:

Warning:....failed to open stream: No such file or directory in...

I am simultaneously uploading three jpeg files from the same folder during my development / testing and this is the ONLY image that is being rejected.

Reason? Explanation? Solution?

Thanks.

How is that possible if the other two test files originate from the same folder? Clearly it (and the path) exists.

How can I drill down for a deeper explanation?

 

Also, I've realized that some images do not refresh unless browser history / cache is cleared.

Research send to point to using no-cache headers or a flush directive. What is the best/suggested method?

On 3/29/2021 at 7:28 AM, phppup said:

I am simultaneously uploading three jpeg files

Do you mean uploading via PHP?  Have to properly verified that the upload was successful?  Maybe the upload is failing for that one file (too large?) and so you end up with $file referencing something that doesn't exist.

  • 2 weeks later...

I've got this working thanks to everybody that's assisted.

Now I've got a more academic question: what exactly is

$im = imagecreatefromjpeg($file); 

doing when it runs?

More directly, suppose a malicious actor places evil code into a jpeg file that passes thru this function.

Quote

$im = imagecreatefromjpeg($file); 

if(!$im)
    {

echo "image failed";

} else { 

echo "file is good";  }

Will the file always fail?

Or is it more prudent to continue with:

$file = $im; //overwrite with $im

Because $im will somehow be 'cleansed' of the evil code that had been inserted.

Is continuing with $file safe if it passed this examination?

I'm trying to understand the inner workings, especially since I'm using this more as a security measures than a file reproduction method.

I can't see your code ...

$file = $im; 

... helping much. If you want to write the GD image in memory (that was created by imagecreatefromjpeg()) back to the file in jpeg format, then use

imagejpeg($im, $file);

I do not know if this sequence has any cleansing effect though.

I guess it depends on what is being examined (and retained) by imagecreatefromjpeg().

Surely it's examining more than just the file extension to determine whether true or false.

And if an image does PASS (as true) but contains malicious code, is it nullified?

Suppose I take a 10 kb jpeg and incorporate 1 MB of evil scripting. The uploaded file is now the size of that sum, right?

What size will it be after running through imagecreatefromjpeg? 

Does the process evaluate the file and eliminate/erase/void pieces that are not color/image related??

(Maybe I should learn to hack so I can test it myself, LoL)

 

Edited by phppup
Typos
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.