Re: [PHP] Creating thumbnails using Image Functions, then saving to folders

See how your network guys would feel about:

A directory OUTSIDE the webtree which is 777.

You can put the thumbnails in there.

Then, in a PHP script that you use in the IMG tags, you would double
check several things before you serve up that image:

Does it match a record in the database so you know it's supposed to be
there? (a whitelist of known image files)

Does it "look" like an image to functions like
http://php.net/get_image_size (a modest validity check)

You could also consider doing a simple GD imagefromjpeg followed by
imagejpeg. It's unlikely any malicious file could survive that and do
something Evil.

PS You probably CAN set up FTP access and use PHP FTP to shuffle files
around... But you're then putting your FTP password into your script,
and your network guys shouldn't like that either...

On Wed, October 18, 2006 12:40 pm, Matthews, Chris wrote:
Good Morning:

I am looking to create a thumbnail from an uploaded image, and then
save it to a directory.

I don't have any problem with the image functions, and can
successfully create the thumbnail and push it to the browser or, as is
currently set up, store the data in a database.

What I want to do instead, however, is take that dynamically created
thumbnail and write it to a folder on the server.

If I simply write the file, however, it appears I need to have a
folder chmod'd world read/writable for the process to work. My
network guys do not want this.

I tried the FTP functions, which work great for copying a file that
already exists somewhere into another folder, but I can't seem to get
it to recognize the buffer as a valid source file location...

Is there a way to use a php FTP function to FTP the file out of the
buffer to a directory on the server, or some other way to write a file
to a folder without making that folder 0777?

Chris Matthews
eGovernment Information Officer
Washoe County, Nevada
775.328.3719
http://www.washoecounty.us

Director, West Region
National Association of Government Webmasters
http://www.nagw.org

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
.

Relevant Pages

  • Re: [PHP] File Upload Security and chmod
    ... The FTP will be slower, ... your files at will in PHP. ... all of the directory creation and permissions changes? ... upon the permissions the parent folder. ...
    (php.general)
  • Re: [PHP] ftp_put and ftp_chmod does not work
    ... I was using ftp_put to copy such files from upload_temp folder of php to ... the ftp user has no permission in upload_temp folder of php. ...
    (php.general)
  • Re: can i get PHP to use my Linux username and password?
    ... > I've been setting up websites on our webserver using FTP. ... > get PHP to create directories at the top level of our websites. ... > allowed to write into the folder of htdocs, ...
    (alt.php)
  • Re: [PHP] ftp_put and ftp_chmod does not work
    ... I was using ftp_put to copy such files from upload_temp folder of php to my system own folder and it does not work, i thought it could be because the ftp user has no permission in upload_temp folder of php. ...
    (php.general)
  • Use to use mogrify to create a thumbnail of an image
    ... This attempt at creating a thumbnail only causes the original image to ... thumbnail in another folder while keeping the original image intact? ... working with PHP 4.1.2 ...
    (alt.php)