|FWIW, In addition to normal security practices regarding uploaded images, I use GD to copy the original image to the final destination. If its not an image, GD will fail to copy the file. For animated gifs you wil loose the animation with this technique.|
|2007-06-20 02:43:51 - In reply to message 1 from Tom Pimienta|
|I am not sure if that would avoid the problem.|
From what I understood the PHP code can be hidden in the GIF image color map. I think in that case the image is still read with making GD fail.
Maybe GD packs the palette and ditches unused colors when the image is saved. If it does not do anything to the original palette the PHP code remains there.