Bugtraq mailing list archives
Re: The Dangers of Allowing Users to Post Images
From: Ben Gollmer <ben () jatosoft com>
Date: Thu, 14 Jun 2001 17:39:31 -0500
This is not a big deal if you use some validation on images (in PHP at least).
Try the function getImageSize(); it will return an array containing the size of the image, as well as the format. If the file specified is not a GIF, JPEG, PNG, or SWF, getImageSize() returns null.
This is also beneficial if you don't want users posting huge images to your forum. In this code, the image must be 800x600 or less.
<?php
//quick sample code follows
//$imagePath is the URL provided; doesn't matter if it's via GET or POST
$imageInfo = getImageSize($imagePath);
if(!$imageInfo)
{
    print("Sorry, image cannot be opened or is not a valid image type.");
}
//index 0 is the width, index 1 the height; exactly 800x600 is still allowed
elseif($imageInfo[0] > 800 || $imageInfo[1] > 600)
{
    print("Sorry, image too big");
}
//and so on
?>
More info here: http://www.php.net/manual/en/function.getimagesize.php
Ben Gollmer
Jatosoft, LLC
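
An added example, not part of the original post: the same check extended with an explicit format allow-list, run over constructed header bytes so it works offline. The function name `checkPostedImage`, the `ALLOWED_TYPES` list and the sample inputs are assumptions made for illustration; it assumes the caller has already fetched the image bytes.

```php
<?php
// Added example (not from the original post). Names, limits and sample
// bytes below are assumptions made for illustration.

const ALLOWED_TYPES = [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG];

/**
 * Check already-fetched bytes: real image, allowed format, within limits.
 * Returns [bool $ok, string $reason].
 */
function checkPostedImage(string $bytes, int $maxW = 800, int $maxH = 600): array
{
    // getimagesizefromstring() parses only the header and returns false
    // when the data is not a format it recognises.
    $info = @getimagesizefromstring($bytes);
    if ($info === false) {
        return [false, 'not a recognised image'];
    }
    [$width, $height, $type] = $info;
    // Index 2 is an IMAGETYPE_* constant. SWF is recognised by PHP but is
    // active content, so it is deliberately left off the allow-list.
    if (!in_array($type, ALLOWED_TYPES, true)) {
        return [false, 'format not allowed: ' . image_type_to_mime_type($type)];
    }
    if ($width > $maxW || $height > $maxH) {
        return [false, "too big: {$width}x{$height}"];
    }
    return [true, "ok: {$width}x{$height} " . $info['mime']];
}

// Constructed sample inputs: headers only, enough for the size parser.
$pngHead = "\x89PNG\r\n\x1a\n" . pack('N', 13) . 'IHDR';
$pngTail = "\x08\x02\x00\x00\x00";
$samples = [
    'gif 1x1'      => 'GIF89a' . pack('vv', 1, 1) . "\x00\x00\x00",
    'png 800x600'  => $pngHead . pack('NN', 800, 600) . $pngTail,
    'png 1024x768' => $pngHead . pack('NN', 1024, 768) . $pngTail,
    'html page'    => '<html><body>not an image</body></html>',
];

foreach ($samples as $name => $bytes) {
    [$ok, $reason] = checkPostedImage($bytes);
    printf("%-13s %s (%s)\n", $name, $ok ? 'accept' : 'reject', $reason);
}
```

Because the size functions read only the header, a pass here says the data starts like an image of that size, not that the rest of the file is well formed.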
