Im working on a form including the follwing features:
* imageupload
* saving images on the server
* creating a pdf with dompdf including those images.
It works, but I have bad feeling about saving those images on the server (also I need to have a good look at dompdf regarding possible attack scenarios, but this is not a topic here).
So how can I make sure that an image is really an image?
* Checking the extension (*.jpeg, *.jpg, *.png, etc.) ist the first line of defense.
* Also checking the mimetype can't be a bad idea
* getimagesize() is also helpful
Alas, all of them can be easily fooled.
Anoher idea is to use gd library to find out if we really have an image
if (!$img = @imagecreatefromstring(file_get_contents($_FILES['attachment']['tmp_name']))) {
$modx->log(xPDO::LOG_LEVEL_ERROR,'Image seems to be fishy...');
$validator->addError('attachment','Wrong filetype');
$error = true;
}
Image manipulation might open other security problems, I have to find out more about that.
There must be more or better ways to prevent malicious image uploads.
Any other ideas how to handle this?
Regards,
pepebe
P.S. I just stumbled over a post at stackoverflow with more ideas:
* Disable PHP from running inside the upload folder using .httaccess.
I'm looking for advice regarding this idea.
* Do not allow upload if the file name contains string "php".
* Allow only extensions: jpg,jpeg,gif and png. (make extensions lowercase to get rid of JPEG, JPG, etc).
* Disallow image with two file type: e.g. image.foo.bar
* Change the image name or at least remove all characters except 0-9, a-z and underscores.
* Upload to a sub-directory not root directory.
* ...
Source:
http://stackoverflow.com/questions/4166762/php-image-upload-security-check-list
Another one that came to my mind: Open and re-save the image might also be helpful.
[ed. note: pepebe last edited this post 11 years, 1 month ago.]