    • 23018
    • 353 Posts
    I'm working on a form including the following features:

    * image upload
    * saving images on the server
    * creating a PDF with dompdf including those images.

    It works, but I have a bad feeling about saving those images on the server (I also need to have a good look at dompdf regarding possible attack scenarios, but that is not the topic here).

    So how can I make sure that an image is really an image?

    * Checking the extension (*.jpeg, *.jpg, *.png, etc.) is the first line of defense.
    * Checking the MIME type can't be a bad idea either.
    * getimagesize() is also helpful.

    Alas, all of them can be easily fooled.

    Another idea is to use the GD library to find out whether we really have an image:

        // Ask GD to decode the uploaded bytes; anything it cannot parse is rejected.
        // The @ suppresses GD's own warning so the error is reported through the validator.
        $data = file_get_contents($_FILES['attachment']['tmp_name']);
        if (!$img = @imagecreatefromstring($data)) {
            $modx->log(xPDO::LOG_LEVEL_ERROR, 'Image seems to be fishy...');
            $validator->addError('attachment', 'Wrong filetype');
            $error = true;
        } else {
            imagedestroy($img); // release the decoded image once the check has passed
        }



    Image manipulation might open other security problems; I have to find out more about that.

    There must be more or better ways to prevent malicious image uploads.

    Any other ideas on how to handle this?

    Regards,

    pepebe

    P.S. I just stumbled over a post at stackoverflow with more ideas:

    * Disable PHP from running inside the upload folder using .htaccess.

    I'm looking for advice regarding this idea.

    * Do not allow the upload if the file name contains the string "php".
    * Allow only the extensions jpg, jpeg, gif and png (make extensions lowercase to get rid of JPEG, JPG, etc.).
    * Disallow images with two file types, e.g. image.foo.bar.
    * Change the image name or at least remove all characters except 0-9, a-z and underscores.
    * Upload to a sub-directory not root directory.
    * ...

    Source: http://stackoverflow.com/questions/4166762/php-image-upload-security-check-list

    Another one that came to mind: opening and re-saving the image might also be helpful. [ed. note: pepebe last edited this post 11 years, 1 month ago.]
      Homepage: pepebe.de | MODX snippets (and other stuff) at github: https://gist.github.com/pepebe
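The following is an added example, not pepebe's code and not part of MODX: it strings together the checks listed in the post (single lowercase extension, MIME type sniffed from the content, getimagesize(), a full GD decode) and finishes with the "open and re-save" step under a random file name. It assumes PHP 7.x or newer with the GD and fileinfo extensions; `$destDir` and `$uploadDir` are hypothetical names for a directory that is not served by the web server (or is protected by .htaccess) and that the PHP process can write to. `$modx`, `$validator` and `$error` are the names from the post.

```php
<?php
// Added example (not pepebe's code). Assumes PHP 7+ with GD and fileinfo;
// $destDir is a hypothetical non-public, writable directory.

/**
 * Validate an HTTP upload as a JPEG/PNG/GIF and store a freshly re-encoded
 * copy under a random name. Returns the new file name, or throws a
 * RuntimeException whose message can be shown as the form error.
 */
function validate_and_store_image(string $tmpPath, string $originalName,
                                  string $destDir, int $maxBytes = 5242880): string
{
    // Whitelist keyed by the IMAGETYPE_* constant that getimagesize() reports.
    $allowed = [
        IMAGETYPE_JPEG => ['mime' => 'image/jpeg', 'ext' => ['jpg', 'jpeg']],
        IMAGETYPE_PNG  => ['mime' => 'image/png',  'ext' => ['png']],
        IMAGETYPE_GIF  => ['mime' => 'image/gif',  'ext' => ['gif']],
    ];

    // Only accept files PHP itself received through the upload, and cap the size.
    if (!is_uploaded_file($tmpPath)) {
        throw new RuntimeException('Not an uploaded file');
    }
    if (filesize($tmpPath) > $maxBytes) {
        throw new RuntimeException('File too large');
    }

    // 1. Extension: exactly one dot (rejects image.foo.bar and image.php.jpg),
    //    compared in lowercase against the whitelist further down.
    $base = basename($originalName);
    if (substr_count($base, '.') !== 1) {
        throw new RuntimeException('File name must have exactly one extension');
    }
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));

    // 2. MIME type sniffed from the bytes by fileinfo, never taken from
    //    $_FILES[...]['type'], which the client fills in.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);

    // 3. getimagesize() must parse a header of an allowed type, and extension,
    //    sniffed MIME type and parsed type must all agree with each other.
    $info = @getimagesize($tmpPath);
    if ($info === false || !isset($allowed[$info[2]])) {
        throw new RuntimeException('Not a supported image');
    }
    $type = $info[2];
    if ($allowed[$type]['mime'] !== $mime
        || !in_array($ext, $allowed[$type]['ext'], true)) {
        throw new RuntimeException('Extension, MIME type and content do not match');
    }
    // A small file can declare huge dimensions; GD allocates the whole canvas
    // on decode, so cap the pixel count before calling it.
    if ($info[0] * $info[1] > 25000000) {
        throw new RuntimeException('Image dimensions too large');
    }

    // 4. Full decode with GD: anything GD cannot turn into pixels is rejected.
    $img = @imagecreatefromstring(file_get_contents($tmpPath));
    if ($img === false) {
        throw new RuntimeException('Image could not be decoded');
    }

    // 5. Re-save as a new file written entirely by GD. Bytes hidden in comment,
    //    EXIF or trailing segments of the upload do not survive this, and the
    //    client never gets to choose the stored file name.
    $newName = bin2hex(random_bytes(16)) . '.' . $allowed[$type]['ext'][0];
    $dest = rtrim($destDir, '/') . '/' . $newName;
    switch ($type) {
        case IMAGETYPE_JPEG:
            $ok = imagejpeg($img, $dest, 85);
            break;
        case IMAGETYPE_PNG:
            imagealphablending($img, false);
            imagesavealpha($img, true);   // keep transparency through the re-encode
            $ok = imagepng($img, $dest);
            break;
        default:
            $ok = imagegif($img, $dest);  // only the first frame of an animated GIF survives
            break;
    }
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('Could not write image');
    }
    chmod($dest, 0644);
    return $newName;
}

// Usage in the form handler ($uploadDir is a hypothetical path):
if (isset($_FILES['attachment']) && $_FILES['attachment']['error'] === UPLOAD_ERR_OK) {
    try {
        $stored = validate_and_store_image(
            $_FILES['attachment']['tmp_name'],
            $_FILES['attachment']['name'],
            $uploadDir
        );
    } catch (RuntimeException $e) {
        $modx->log(xPDO::LOG_LEVEL_ERROR, 'Rejected upload: ' . $e->getMessage());
        $validator->addError('attachment', $e->getMessage());
        $error = true;
    }
}
```

The re-encode is what defeats files that are both a valid image and a script (a PHP payload tucked into a JPEG comment passes every header check, but GD writes a new file from pixels only). It does not protect against bugs in GD's own parsers, which still read the untrusted bytes in step 4, so the libgd build should be kept patched and the size and pixel caps left in place. Passing the stored name on to dompdf rather than the original upload keeps the PDF step away from client-controlled file names.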
      • 40706
      • 128 Posts
      We had several image upload forms on our sites. We always used getimagesize() to filter against images. We usually rename all files, especially to prevent a duplicate filename "image.jpg" or other simple names that hundreds of people could use.
      We also used a directory with an .htaccess containing "deny from all".
      When the images are published by the moderators, they are scaled and moved to a publicly available path.

      That was always enough so far.
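For the .htaccess idea from pepebe's P.S. and the "deny from all" staging directory in the reply above, here is an added example of the two .htaccess files, written for this thread rather than taken from either poster. It assumes Apache with AllowOverride permitting Limit, AuthConfig, FileInfo and Options in these directories; the directory names in the comments are hypothetical.

```apache
# --- uploads/staging/.htaccess (where fresh uploads land) ---
# Nothing in this directory is ever served. Apache 2.4 syntax first,
# 2.2 fallback, so the file works on either version.
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>

# --- images/.htaccess (where moderators move the scaled images) ---
# Serve files here as static content only; never hand them to an interpreter.
# php_flag only has an effect under mod_php, hence the module guards.
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php.c>
    php_flag engine off
</IfModule>
Options -ExecCGI -Indexes
RemoveHandler .php .phtml .phar .php3 .php5 .php7
RemoveType .php .phtml .phar
# Belt and braces: refuse any request whose name contains a script extension,
# including double extensions such as image.php.jpg. Plain .jpg/.png/.gif
# names are not matched.
<FilesMatch "\.(?i:php|phtml|phar|php[0-9])(\.|$)">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>
```

Under PHP-FPM the `php_flag` lines are ignored and the handler is chosen by a `SetHandler`/`ProxyPassMatch` rule in the virtual host, which a `RemoveHandler` in .htaccess may not override; the `FilesMatch` block is what still holds there. Whatever the setup, verify it once: drop a file named probe.php containing `<?php echo 'executed';` into the public image directory and request it. The response must be a 403 or the literal source text, never "executed", and the same check on the staging directory must return 403 for any file name.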