Re: Uploading Images - Security
- From: "J.O. Aho" <user@xxxxxxxxxxx>
- Date: Mon, 27 Mar 2006 06:03:06 +0200
powerx wrote:
> Hi All,
> Wonder if you could help me out at all?
> Been learning PHP (with MySQL) and have put together an admin style script for my website. As part of the script, I want users to be able to upload images (Jpegs) to a max pixel size and file size. I've also been learning about the security side of things, which is where I'm coming unstuck.
> I understand that I need to check that the uploaded file is actually a Jpeg and not rely on the fact that it should be.
> Question is, how do I do this and should I check the file before I move it from the $_FILES to the location on my webspace or afterwards.
> Any hints, links or code snippets would be appreciated.
> I want to only accept genuine jpegs within the constraints and send an error message for all other occurrences.
You need to examine the beginning of the jpeg file and see if the uploaded file has the data that declares the jpeg version. From the 7th byte you get the string JFIF for one of the jpeg standards; as there are quite many different versions, you have to check the file for each standard.
I would guess you can find more about the standards at www.jpeg.org
//Aho
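One way to do the check described in this reply, as an added PHP example that is not part of the original post: it tests the temporary file before moving it, looks for the JPEG start bytes and the JFIF identifier at the 7th byte (also accepting Exif, which goes beyond the reply), then confirms type and dimensions with getimagesize(). The size and pixel limits and the function names jpeg_problem() and store_jpeg_upload() are assumptions.

```php
<?php
const MAX_BYTES  = 512 * 1024;   // assumed file-size limit, not from the thread
const MAX_WIDTH  = 1024;         // assumed pixel limits, not from the thread
const MAX_HEIGHT = 768;

/** Returns null if $path is an acceptable JPEG, otherwise an error message. */
function jpeg_problem(string $path): ?string
{
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return 'File is empty or larger than the allowed size.';
    }
    // Every JPEG starts with the SOI marker FF D8, followed by FF of the next marker.
    $head = (string) file_get_contents($path, false, null, 0, 12);
    if (strncmp($head, "\xFF\xD8\xFF", 3) !== 0) {
        return 'File does not start with a JPEG header.';
    }
    // Identifier from the 7th byte (offset 6): JFIF, or Exif for camera files; others are rejected.
    if (!in_array(substr($head, 6, 4), ['JFIF', 'Exif'], true)) {
        return 'Unrecognised JPEG variant.';
    }
    // Let PHP parse the image headers to confirm the type and read the dimensions.
    $info = @getimagesize($path);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        return 'File is not a readable JPEG image.';
    }
    if ($info[0] > MAX_WIDTH || $info[1] > MAX_HEIGHT) {
        return 'Image dimensions exceed the allowed maximum.';
    }
    return null;
}

/** Checks the temporary upload first and only then moves it; returns the stored path. */
function store_jpeg_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed.');
    }
    if (($problem = jpeg_problem($file['tmp_name'])) !== null) {
        throw new RuntimeException($problem);
    }
    // Server-chosen name and fixed extension; the client's file name is never used.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.jpg';
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the file.');
    }
    return $target;
}
```

These checks cover only the file's headers, not the bytes that follow them, so keep the upload directory configured so that nothing in it is executed as PHP and serve its contents as image/jpeg only.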