stackoom
  简体   繁体   中英

Prevent hidden files embedded in images from being uploaded to server

 原文  2015-07-30 03:27:47       php/ hidden-files

Question

I've noticed that it is possible to store hidden files within JPG/GIF/PNG images, which could include illegal images or collections of them in .rar format. Users may exploit this to upload and share illicit content amongst themselves on seemingly average images to the naked eye, on any website that allows image uploading.

I could not find any source on the internet that deals with having PHP prevent image files from containing other files inside of them, and I hope someone can point me in the right direction. The following is not enough to detect additional content within a file, as the exif will still be a match to the file's extension: 

if (exif_imagetype($imagefile['tmp_name']), IMAGETYPE_GIF) { //code; }

1 answers

solution1
 1  2015-07-30 03:52:52

我不是100%知道这是否行得通,但是也许使用GD / Imagemagick命令创建新图像可能会去除多余的隐藏数据。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to name uploaded files in php to prevent them from being overwritten? Files not being uploaded to server using PHP script Files not being uploaded to server and variable are said to be undefined Ideas to prevent adult images being uploaded to photo site Images from form post are not being uploaded PHP How to safely prevent uploaded file from being run via PHP on any server? Prevent hidden input from being altered prevent php files from being downloaded in apache or Windows Server 2008 Block certain files from being uploaded Prevent height and width of images from being set to 1
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM