image uploads

Subject:image uploads
Summary:use GD to copy image
Messages:2
Author:Tom Pimienta
Date:2007-06-20 02:16:28
Update:2007-06-20 02:43:51
 

1. image uploads
Tom Pimienta
2007-06-20 02:36:40
FWIW, in addition to normal security practices regarding uploaded images, I use GD to copy the original image to the final destination. If it's not an image, GD will fail to copy the file. For animated GIFs you will lose the animation with this technique.

2. Re: image uploads
Manuel Lemos
2007-06-20 02:43:51 - In reply to message 1 from Tom Pimienta
I am not sure if that would avoid the problem.

From what I understood the PHP code can be hidden in the GIF image color map. I think in that case the image is still read with making GD fail.

Maybe GD packs the palette and ditches unused colors when the image is saved. If it does not do anything to the original palette the PHP code remains there.
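
An added example, not part of either post above: one way to do the GD copy described in message 1 while addressing the palette concern from message 2, by drawing the decoded pixels onto a new truecolor canvas (which has no color map) and then scanning the written file for a PHP open tag. The function name `reencode_upload()`, its parameters and the size limit are hypothetical.

```php
<?php
// Added example; reencode_upload() and its parameters are hypothetical names.
// Re-encodes an uploaded image through GD onto a fresh truecolor canvas, so the
// original palette (color map) and any metadata are not carried into the output.
function reencode_upload(string $tmpPath, string $destDir, int $maxSide = 4096): string
{
    $data = file_get_contents($tmpPath);
    if ($data === false) {
        throw new RuntimeException('cannot read upload');
    }
    // Reject missing or oversized dimensions before decoding the pixels.
    $info = getimagesizefromstring($data);
    if ($info === false || $info[0] < 1 || $info[1] < 1
        || $info[0] > $maxSide || $info[1] > $maxSide) {
        throw new RuntimeException('not an acceptable image');
    }
    // GD fails here if the bytes are not a decodable image.
    $src = @imagecreatefromstring($data);
    if ($src === false) {
        throw new RuntimeException('GD could not decode the file');
    }
    $w = imagesx($src);
    $h = imagesy($src);
    // New truecolor image: pixels only, no palette. Animation is lost.
    $dst = imagecreatetruecolor($w, $h);
    imagealphablending($dst, false); // copy alpha values instead of blending
    imagesavealpha($dst, true);      // keep transparency in the PNG output
    imagecopy($dst, $src, 0, 0, 0, 0, $w, $h);

    // Server-chosen name and fixed extension; never reuse the client's filename.
    $out = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.png';
    if (!imagepng($dst, $out)) {
        throw new RuntimeException('could not write re-encoded image');
    }
    // Secondary check: refuse output that still contains a PHP open tag.
    if (stripos(file_get_contents($out), '<?php') !== false) {
        unlink($out);
        throw new RuntimeException('re-encoded image contains a PHP open tag');
    }
    return $out;
}
```

Re-encoding only reduces what an uploaded file can carry; storing uploads where the web server does not execute PHP remains the primary control.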