•  04-10-2022
  •  | 
  •  

문제

I'm implementing image upload solution.

Now that everything works fine, I started thinking about security. After researching much on internet, I found that safest way to upload image it recreate it.

For that I use GD Image Editor, which gets image size and resizes it to -1px from every side.

The problem which rose is that I cant recreate GIF image, as it becomes static (and ugly).

My question is, if anyone has done something and what options I have? Maybe some other solution to safely allow users to upload GIF imagies?

도움이 되었습니까?

해결책

First and most important thing is to assign your own filename and extension to any uploaded image. Since your webserver decides on what to do with your file depending on it's extension, you should make damn sure it is '.gif'. Renaming the whole file and not only it's extension ensures noone finds a ways break your extension safety and inject his own extension.

Never rely on any mime type sent to determine file type. Mime types can be manipulated and are not reliable. If you HAVE to check your file, use something like getimagesize(). But again, this is not necessary if you set the filename and extension anyways.

http://www.php.net/manual/en/function.getimagesize.php

You should also ensure file size is not to large to avoid your server running out of space.

Ensuring a login before uploading and only allowing a reasonable number of uploads per user is also a nice safety agains running out of space.

So, in short:

  • Set filename and extension
  • Dont rely on sent filename
  • Dont rely on sent mime type
  • check maximum filesize
  • ensure user can not spam files
라이센스 : CC-BY-SA ~와 함께 속성
제휴하지 않습니다 StackOverflow
scroll top