安全图像（JPG、PNG、动画 GIF）上传

Question

I am looking for the best solution (=> secure, quick, independent) way to solve an image upload (also I want to provide download from URL) for static jpg / png and animated gif files (if a file is a gif but isn't animated, make it a png).

Bonus Information: I am executing the upload script in PHP on an Amazon EC2 server and will upload the image to an Amazon S3 bucket. If that changes anything, please tell.

Bonus Information 2: After I have solved this problem, I want to add a DAMNLOL-Like watermark below the image (like this: http://www.damnlol.com/i/916d72c17e572b14a14c283b2f96f997.jpg ).

How I have solved the problem until now:

1. User selects file to upload in form / from URL, continues to PHP script (which doesnt abort on user abort).

2. The script takes the image, does some checks: max file size, $_FILES['file']['type'] must be of "image/gif", "image/png", "image/jpg". Max / min width & height checks. If everything is okay, continue.

3. • If the user uploads the image from his local computer, store the image on the server with a temp name. After that the php script calls http://regex.info/exif.cgi with CURL and the temp url as input.
   • or in case of a submitted url, the php script calls http://regex.info/exif.cgi with CURL and the submitted url as input.

4. Jeffrey (Jeffrey stands for Jeffrey's Exif viewer (regex.info/exif.cgi)) gives me a response. If it implies that the image is indeed of type PNG, JPG or GIF the script downloads the file (in case of a submitted url) or moves the file (in case of an uploaded image) to the final image folder. Success!

As you can see, the script is vulnerable when you submit a file via URL and the URL redirects Jeffrey to a valid image but my server to a malicious code. At least that's what I think.

This solution is slow but rather secure in my opinion. An upload takes ~2-5 seconds, depending on the file size. GIFs tend to take ~4-10 seconds. Other sites don't take that long and are still secure.

---

Ideas on how to solve the problem:

• Apparently Jeffrey is able to find out the actual file type EVERYTIME. Is there such a bullet-proof method in PHP? Obviously, deciding the file type by the name of the file is a very poor way to solve this.

• Combined with Information 2, I could simply take the submitted image, get the width & height info, create a new blank image with (new_image_width = submitted_image_width, new_image_height = submitted_image_height + watermark_height) and store the submitted image with the watermark below it. If the whole process fails, the submitted image is not of type JPG / PNG / GIF and the script aborts. It could get a bit tricky when adding a watermark to Animated GIFs, but it's clearly possible (--> http://forgifs.com/gallery/d/206365-1/Fitness-ball-roof-jump.gif ).

What do you think about my ideas? Do you have any detailed solutions to this particular problem? I've known about it for a long time and done several researches on the topic, but I never found "the best" solution.

Thank you for your time. May we finally solve this problem and help me and thousands of people who search for the solution of this problem on Google day for day.

Answer 1

我使用http://www.webmotionuk.co.uk/php-jquery-image-upload-and-crop/的修改版本至少你可以查看代码并获得一些关于制作文件上传过程的想法有点安全。