Re: [PHP] Re: how to detect type of image

2007-04-29 Thread tedd

At 4:46 PM -0500 4/28/07, Edward Vermillion wrote:

On Apr 28, 2007, at 12:21 PM, tedd wrote:


At 9:22 AM -0500 4/28/07, Edward Vermillion wrote:

It should, but instead try this:

$image_size = getimagesize($filename);
echo $image_size['mime'];



$image_size['mime'] ? Where did that come from?


I duno, maybe the manual.

http://us2.php.net/getimagesize   -- 5th or 6th example down.



Ahhh... that's for sending a mime type to the browser.


Ahhh no, it's just a way to get contents of the file.

If you really want to study this, try opening every different image 
file (gif, jpg, png, etc.) you have on your desktop and examine each 
of the header files via a HEX editor. You will find that every file 
has an id of some type in its header.


The PHP functions that provide data about files do just that. They 
inspect the header of the file and report what they have found. How 
you use them is your business.


Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: how to detect type of image

2007-04-29 Thread Edward Vermillion


On Apr 29, 2007, at 8:03 AM, tedd wrote:


At 4:46 PM -0500 4/28/07, Edward Vermillion wrote:

On Apr 28, 2007, at 12:21 PM, tedd wrote:


At 9:22 AM -0500 4/28/07, Edward Vermillion wrote:

It should, but instead try this:

$image_size = getimagesize($filename);
echo $image_size['mime'];



$image_size['mime'] ? Where did that come from?


I duno, maybe the manual.

http://us2.php.net/getimagesize   -- 5th or 6th example down.



Ahhh... that's for sending a mime type to the browser.


Ahhh no, it's just a way to get contents of the file.

If you really want to study this, try opening every different image  
file (gif, jpg, png, etc.) you have on your desktop and examine  
each of the header files via a HEX editor. You will find that every  
file has an id of some type in its header.


The PHP functions that provide data about files do just that. They  
inspect the header of the file and report what they have found. How  
you use them is your business.




Well, from the example it looks like that's returning a string that  
can go straight into the header() function...


<?php
$size = getimagesize($filename);
$fp = fopen($filename, "rb");
if ($size && $fp) {
  header("Content-type: {$size['mime']}");
  fpassthru($fp);
  exit;
} else {
  // error
}
?>

whereas index 2 in the array returns an integer that corresponds to  
the IMAGETYPE_* constants. I would assume they both get the  
information from the same place, but just return it in different  
formats based on the intended usage. Just like index 3 will get you a  
string of 'width=? height=?' to add to an image tag, while index 0  
and 1 returns an integer of width and height respectively.


I can get the width and height from index 3, but that's not what it  
was designed for.


Ed




Re: [PHP] Re: how to detect type of image

2007-04-29 Thread tedd

At 9:53 AM -0500 4/29/07, Edward Vermillion wrote:

On Apr 29, 2007, at 8:03 AM, tedd wrote:
The PHP functions that provide data about files do just that. They 
inspect the header of the file and report what they have found. How 
you use them is your business.




Well, from the example it looks like that's returning a string that 
can go straight into the header() function...


<?php
$size = getimagesize($filename);
$fp = fopen($filename, "rb");
if ($size && $fp) {
  header("Content-type: {$size['mime']}");
  fpassthru($fp);
  exit;
} else {
  // error
}
?>

whereas index 2 in the array returns an integer that corresponds to 
the IMAGETYPE_* constants. I would assume they both get the 
information from the same place, but just return it in different 
formats based on the intended usage. Just like index 3 will get you 
a string of 'width=? height=?' to add to an image tag, while index 0 
and 1 returns an integer of width and height respectively.


I can get the width and height from index 3, but that's not what it 
was designed for.


It was designed to provide information. As I said, you use it as you 
want. Index 3 could have been used in an image tag, or in a report 
of the image -- whatever you can find a use for it, use it.


The above example uses 'mime' for a header, but the below code uses 
it more directly.


http://sperling.com/a/image_data/

Whatever floats your boat.

Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com




Re: [PHP] Re: how to detect type of image

2007-04-28 Thread Tijnema !

On 4/28/07, Tim [EMAIL PROTECTED] wrote:

On 21.04.2007 12:45, Alain Roger wrote:
 Hi,

 In my web application, end user is able to load images (png, jpeg,
 gif,..) into database. I would like to know how can i detect
 automatically the type of image (pnd, jpeg,...) ? i do not want to
 check the extension because this is easily faked... just by renaming
 it.

 Does it exist a technique for that ?

 thanks a lot,


Hi,

unfortunately mime_content_type() does not work for me. This function
always returns false, although the magic.mime is valid.
Here is a function I wrote to determine the correct extension of an
image file:

function get_image_extension($filename)
{
    // exif_imagetype() reads the first bytes of the file and returns an
    // IMAGETYPE_* value; it is only available with the exif extension
    if (function_exists('exif_imagetype'))
    {
        switch (exif_imagetype($filename))
        {
            case 1:
                return 'gif';
            case 2:
                return 'jpg';
            case 3:
                return 'png';
            case 4:
                return 'swf';
            case 5:
                return 'psd';
            case 6:
                return 'bmp';
            case 7:
                return 'tiff';
            case 8:
                return 'tiff';
            case 9:
                return 'jpc';
            case 10:
                return 'jp2';
            case 11:
                return 'jpx';
            case 12:
                return 'jb2';
            case 13:
                return 'swc';
            case 14:
                return 'iff';
            case 15:
                return 'wbmp';
            case 16:
                return 'xbm';
            default:
                return false;
        }
    }
    else
        return false;
}

Best regards,
Tim



First of all, I don't see any reason why this works better than other
functions, as it also relies on the magic bytes.

Second, for your switch, you should use the constants
(IMAGETYPE_GIF,IMAGETYPE_JPEG,...) instead of just using decimal
values.

Tijnema




Re: [PHP] Re: how to detect type of image

2007-04-28 Thread Tijnema !

On 4/28/07, tedd [EMAIL PROTECTED] wrote:

At 2:10 AM +0200 4/28/07, Tim wrote:
On 21.04.2007 12:45, Alain Roger wrote:
Hi,

In my web application, end user is able to load images (png, jpeg,
gif,..) into database. I would like to know how can i detect
automatically the type of image (pnd, jpeg,...) ? i do not want to
check the extension because this is easily faked... just by renaming
it.

Does it exist a technique for that ?

thanks a lot,


Hi,

unfortunately mime_content_type() does not work for me.

Tim:

It should, but instead try this:

$image_size = getimagesize($filename);
echo $image_size['mime'];

Cheers,

tedd



mime_content_type fails a lot, and so does getimagesize, I believe one
relies on the other.

Tijnema




Re: [PHP] Re: how to detect type of image

2007-04-28 Thread Edward Vermillion


On Apr 28, 2007, at 6:54 AM, tedd wrote:


At 2:10 AM +0200 4/28/07, Tim wrote:

On 21.04.2007 12:45, Alain Roger wrote:

Hi,

In my web application, end user is able to load images (png, jpeg,
gif,..) into database. I would like to know how can i detect
automatically the type of image (pnd, jpeg,...) ? i do not want to
check the extension because this is easily faked... just by renaming
it.

Does it exist a technique for that ?

thanks a lot,



Hi,

unfortunately mime_content_type() does not work for me.


Tim:

It should, but instead try this:

$image_size = getimagesize($filename);
echo $image_size['mime'];



$image_size['mime'] ? Where did that come from?

From the manual:

Returns an array with 4 elements. Index 0 contains the width of the  
image in pixels. Index 1 contains the height. Index 2 is a flag  
indicating the type of the image: 1 = GIF, 2 = JPG, 3 = PNG, 4 = SWF,  
5 = PSD, 6 = BMP, 7 = TIFF(intel byte order), 8 = TIFF(motorola byte  
order), 9 = JPC, 10 = JP2, 11 = JPX, 12 = JB2, 13 = SWC, 14 = IFF, 15  
= WBMP, 16 = XBM. These values correspond to the IMAGETYPE constants  
that were added in PHP 4.3.0. Index 3 is a text string with the  
correct height="yyy" width="xxx" string that can be used directly in  
an IMG tag.


So it should be $image_size[2], or has something changed that I don't  
know about?


Ed




Re: [PHP] Re: how to detect type of image

2007-04-28 Thread Tijnema !

On 4/28/07, Edward Vermillion [EMAIL PROTECTED] wrote:


On Apr 28, 2007, at 6:54 AM, tedd wrote:

 At 2:10 AM +0200 4/28/07, Tim wrote:
 On 21.04.2007 12:45, Alain Roger wrote:
 Hi,

 In my web application, end user is able to load images (png, jpeg,
 gif,..) into database. I would like to know how can i detect
 automatically the type of image (pnd, jpeg,...) ? i do not want to
 check the extension because this is easily faked... just by renaming
 it.

 Does it exist a technique for that ?

 thanks a lot,


 Hi,

 unfortunately mime_content_type() does not work for me.

 Tim:

 It should, but instead try this:

 $image_size = getimagesize($filename);
 echo $image_size['mime'];


$image_size['mime'] ? Where did that come from?

 From the manual:

Returns an array with 4 elements. Index 0 contains the width of the
image in pixels. Index 1 contains the height. Index 2 is a flag
indicating the type of the image: 1 = GIF, 2 = JPG, 3 = PNG, 4 = SWF,
5 = PSD, 6 = BMP, 7 = TIFF(intel byte order), 8 = TIFF(motorola byte
order), 9 = JPC, 10 = JP2, 11 = JPX, 12 = JB2, 13 = SWC, 14 = IFF, 15
= WBMP, 16 = XBM. These values correspond to the IMAGETYPE constants
that were added in PHP 4.3.0. Index 3 is a text string with the
correct height="yyy" width="xxx" string that can be used directly in
an IMG tag.

So it should be $image_size[2], or has something changed that I don't
know about?

Ed



Did you read the line just above example 935?
 mime is the correspondant MIME type of the image. This information
can be used to deliver images with correct the HTTP Content-type
header: 

Tijnema




Re: [PHP] Re: how to detect type of image

2007-04-28 Thread tedd

At 9:22 AM -0500 4/28/07, Edward Vermillion wrote:

It should, but instead try this:

$image_size = getimagesize($filename);
echo $image_size['mime'];



$image_size['mime'] ? Where did that come from?


I duno, maybe the manual.

http://us2.php.net/getimagesize   -- 5th or 6th example down.

Also, try this:

http://xn--nvg.com/image_data

Cheers,

tedd

PS: If your browser chokes, get a better browser.

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com




Re: [PHP] Re: how to detect type of image

2007-04-28 Thread Tim

On 28.04.2007 10:39, Tijnema ! wrote:

First of all, I don't see any reason why this works better than other
functions, as it also relies on the magic bytes.

Second, for your switch, you should use the constants
(IMAGETYPE_GIF,IMAGETYPE_JPEG,...) instead of just using decimal
values.

Tijnema


Yes, I wrote this function because none of the others worked for me
properly. I found functions which determined the file type by a given
extension. Those file types can be easily faked by using another extension.
I wrote the function a long time ago and was using PHP 4. The IMAGETYPE
constants are available since PHP 4.3.0.


It should, but instead try this:

$image_size = getimagesize($filename);
echo $image_size['mime'];


I needed a way to get the correct extension of an image file.
It is possible to create an array with all MIME types and the matching
extensions. Then you just have to search for $image_size['mime'] in it 
and you have the correct extension. As I see, there is a way
which is a lot easier: You can use $image_size[2], which is a flag
indicating the type of the image.

1 = GIF
2 = JPG
3 = PNG
4 = SWF
5 = PSD
6 = BMP
7 = TIFF(intel byte order)
8 = TIFF(motorola byte order)
9 = JPC
10 = JP2
11 = JPX
12 = JB2
13 = SWC
14 = IFF
15 = WBMP
16 = XBM

Since PHP 4.3.0 you can use constants.

I reckon
  $type = exif_imagetype($filename);
is the same as
  $image_size = getimagesize($filename);
  $type = $image_size[2];

exif_imagetype would have to be faster than getimagesize because it only
gets the file type. getimagesize does also get the width/height, MIME
type, etc. I think getimagesize depends on exif_imagetype and will work 
even if exif is disabled, but I am not sure.


Tim




Re: [PHP] Re: how to detect type of image

2007-04-28 Thread Edward Vermillion


On Apr 28, 2007, at 12:21 PM, tedd wrote:


At 9:22 AM -0500 4/28/07, Edward Vermillion wrote:

It should, but instead try this:

$image_size = getimagesize($filename);
echo $image_size['mime'];



$image_size['mime'] ? Where did that come from?


I duno, maybe the manual.

http://us2.php.net/getimagesize   -- 5th or 6th example down.



Ahhh... that's for sending a mime type to the browser. I'd always  
just used $image[2] since I usually check against the image constants  
in a switch...


switch ($image[2]) {
    case IMAGETYPE_JPEG:
        // do something with a jpeg...
        // blah...blah...blah...
        break;
}

But it's good to know that the 'mime' bit is there too.


Ed




Re: [PHP] Re: how to detect type of image

2007-04-25 Thread Satyam
Sorry I'm late to this thread, I don't know if it has been mentioned, but 
most files have a 'magic number' at the beginning of the file, which usually 
reads as a couple of letters or more.  I think EXE files start with MZ, gifs 
with GIFxx where xx is the last two digits of the year of the standard. 
Just open files of the types you are concerned about and check the first few 
characters.


Satyam

- Original Message - 
From: Richard Lynch [EMAIL PROTECTED]

To: Jonathan [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Sent: Wednesday, April 25, 2007 4:30 AM
Subject: Re: [PHP] Re: how to detect type of image



On Sun, April 22, 2007 10:35 am, Jonathan wrote:

Alain Roger wrote:

Hi,

In my web application, end user is able to load images (png, jpeg,
gif,..)
into database.
I would like to know how can i detect automatically the type of
image (pnd,
jpeg,...) ?
i do not want to check the extension because this is easily faked...
just by
renaming it.

Does it exist a technique for that ?

thanks a lot,



Is there anything wrong with just using
$_FILES['upload_name']['type']?


Yes.

The first thing wrong, is that the idiot browser-makers can't even
agree on what to cram into that when a user uploads a simple JPEG,
much less some more esoteric document.  So, right there, what you have
in there under normal circumstances is pretty much garbage.

The second thing wrong is that the Bad Guys can cram any dang thing
they want in there, regardless of what they are uploading.  So they
can upload a nice .exe binary file and cram image/jpeg into the
type.  If your script is equally insecure throughout, then you could
easily end up having an executable file up on your server that the Bad
Guy wrote, and all they have to do is surf to it for it to run.  That
would be bad, just in case it's not terribly obvious. :-)

Other than that, though, it's fine and dandy to use it... :-)

--
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?




Re: [PHP] Re: how to detect type of image

2007-04-25 Thread Tijnema !

On 4/25/07, Satyam [EMAIL PROTECTED] wrote:

Sorry I'm late to this thread, I don't know if it has been mentioned, but
most files have a 'magic number' at the beginning of the file, which usually
reads as a couple of letters or more.  I think EXE files start with MZ, gifs
with GIFxx where xx is the last two digits of the year of the standard.
Just open files of the types you are concerned about and check the first few
characters.

Satyam


I believe that mime_content_type does this, by reading a .magic file.
In a magic file, there are these described i believe. But how would
you detect (by a magic number) if a script is HTML or PHP? No way :P
Of course, It's both not valid for an image file, but you might be
worried when the first magic bytes are faked. Does somebody care if
there are a few magic bytes displayed at the top of his page?

Tijnema

Ps. Please don't top post.


- Original Message -
From: Richard Lynch [EMAIL PROTECTED]
To: Jonathan [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Sent: Wednesday, April 25, 2007 4:30 AM
Subject: Re: [PHP] Re: how to detect type of image


 On Sun, April 22, 2007 10:35 am, Jonathan wrote:
 Alain Roger wrote:
 Hi,

 In my web application, end user is able to load images (png, jpeg,
 gif,..)
 into database.
 I would like to know how can i detect automatically the type of
 image (pnd,
 jpeg,...) ?
 i do not want to check the extension because this is easily faked...
 just by
 renaming it.

 Does it exist a technique for that ?

 thanks a lot,


 Is there anything wrong with just using
 $_FILES['upload_name']['type']?

 Yes.

 The first thing wrong, is that the idiot browser-makers can't even
 agree on what to cram into that when a user uploads a simple JPEG,
 much less some more esoteric document.  So, right there, what you have
 in there under normal circumstances is pretty much garbage.

 The second thing wrong is that the Bad Guys can cram any dang thing
 they want in there, regardless of what they are uploading.  So they
 can upload a nice .exe binary file and cram image/jpeg into the
 type.  If your script is equally insecure throughout, then you could
 easily end up having an executable file up on your server that the Bad
 Guy wrote, and all they have to do is surf to it for it to run.  That
 would be bad, just in case it's not terribly obvious. :-)

 Other than that, though, it's fine and dandy to use it... :-)

 --
 Some people have a gift link here.
 Know what I want?
 I want you to buy a CD from some indie artist.
 http://cdbaby.com/browse/from/lynch
 Yeah, I get a buck. So?




Re: [PHP] Re: how to detect type of image

2007-04-25 Thread Richard Davey

Tijnema ! wrote:


I believe that mime_content_type does this, by reading a .magic file.
In a magic file, there are these described i believe. But how would
you detect (by a magic number) if a script is HTML or PHP? No way :P


mime_content_type is deprecated, use the FileInfo functions instead.

Cheers,

Rich
--
Zend Certified Engineer
http://www.corephp.co.uk

Never trust a computer you can't throw out of a window




Re: [PHP] Re: how to detect type of image WAY OT (but not that far)

2007-04-25 Thread Børge Holen
On Wednesday 25 April 2007 14:14, Richard Davey wrote:
 Tijnema ! wrote:
  I believe that mime_content_type does this, by reading a .magic file.
  In a magic file, there are these described i believe. But how would
  you detect (by a magic number) if a script is HTML or PHP? No way :P

 mime_content_type is deprecated, use the FileInfo functions instead.

 Cheers,

 Rich
 --
 Zend Certified Engineer
 http://www.corephp.co.uk

 Never trust a computer you can't throw out of a window

I loved this signature.


-- 
---
Børge
http://www.arivene.net
---




Re: [PHP] Re: how to detect type of image

2007-04-25 Thread Richard Lynch
On Wed, April 25, 2007 2:51 am, Satyam wrote:
 Sorry I'm late to this thread, I don't know if it has been mentioned,
 but
 most files have a 'magic number' at the beginning of the file, which
 usually
 reads as a couple of letters or more.  I think EXE files start with
 MZ, gifs
 with GIFxx where xx is the last two digits of the year of the
 standard.
 Just open files of the types you are concerned about and check the
 first few
 characters.

That's pretty much how the MIME magic PHP function works, as well as
exec("file " . escapeshellarg($foo), $output, $error)

So I certainly would not attempt to re-invent the wheel on this one.

Even PHP's getimagesize or whatever it is uses the same idea, so that
would be better.

Note that a really savvy hacker might still find a way to upload
something with the right headers to fool your script, but with
embedded data that is going to give you trouble...

But they'll sure have to work hard at it, and they'll be a lot more
rare than if you don't do this simple basic check.

-- 
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?




Re: [PHP] Re: how to detect type of image

2007-04-25 Thread Richard Lynch
On Wed, April 25, 2007 7:00 am, Tijnema ! wrote:
 On 4/25/07, Satyam [EMAIL PROTECTED] wrote:
 Sorry I'm late to this thread, I don't know if it has been
 mentioned, but
 most files have a 'magic number' at the beginning of the file, which
 usually
 reads as a couple of letters or more.  I think EXE files start with
 MZ, gifs
 with GIFxx where xx is the last two digits of the year of the
 standard.
 Just open files of the types you are concerned about and check the
 first few
 characters.

 Satyam

 I believe that mime_content_type does this, by reading a .magic file.
 In a magic file, there are these described i believe. But how would
 you detect (by a magic number) if a script is HTML or PHP? No way :P
 Of course, It's both not valid for an image file, but you might be
 worried when the first magic bytes are faked. Does somebody care if
 there are a few magic bytes displayed at the top of his page?

Yes, no, sort of.

Once you've checked the magic numbers at the start, the potential
abuses shrink DRAMATICALLY.

For example, I'm pretty sure that most Operating Systems will refuse
to execute a file that starts with 'GIF89a' as if it were a binary
executable.

That doesn't mean somebody couldn't manage to write an abusive Perl
script (or PHP script or Java applet or whatever) that looks like a
GIF because it starts with GIF89a and then that person might still
manage to trick your PHP script into putting it somewhere that it will
get executed as a script on your server, rather than just displayed as
a GIF (looking like noise or abstract art, at best) in a browser.

But checking the magic number in some fashion will alter a huge
sucking chest wound of a Security hole into a small punctured lung of
a Security hole. :-)

You should, of course, also take care that the files in question could
not possibly get executed, nor passed into any kind of parser like
PHP, Perl, Python, Java, JSP, ASP, etc.  That would be another barrier
to try to erect.

Every extra barrier you layer in there will slim down the number of
attackers that can get through, usually.  Defense in Depth it's
usually called.

-- 
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?




Re: [PHP] Re: how to detect type of image

2007-04-24 Thread Richard Lynch
On Sun, April 22, 2007 10:35 am, Jonathan wrote:
 Alain Roger wrote:
 Hi,

 In my web application, end user is able to load images (png, jpeg,
 gif,..)
 into database.
 I would like to know how can i detect automatically the type of
 image (pnd,
 jpeg,...) ?
 i do not want to check the extension because this is easily faked...
 just by
 renaming it.

 Does it exist a technique for that ?

 thanks a lot,


 Is there anything wrong with just using
 $_FILES['upload_name']['type']?

Yes.

The first thing wrong, is that the idiot browser-makers can't even
agree on what to cram into that when a user uploads a simple JPEG,
much less some more esoteric document.  So, right there, what you have
in there under normal circumstances is pretty much garbage.

The second thing wrong is that the Bad Guys can cram any dang thing
they want in there, regardless of what they are uploading.  So they
can upload a nice .exe binary file and cram image/jpeg into the
type.  If your script is equally insecure throughout, then you could
easily end up having an executable file up on your server that the Bad
Guy wrote, and all they have to do is surf to it for it to run.  That
would be bad, just in case it's not terribly obvious. :-)

Other than that, though, it's fine and dandy to use it... :-)

-- 
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?




Re: [PHP] Re: how to detect type of image

2007-04-24 Thread Richard Lynch
On Sun, April 22, 2007 12:14 pm, Tijnema ! wrote:
 Yeah right, a time bomb with an image header :P
 It should have an ELF header :) But then it would be detected by the
 mime_content_type i guess.

mime_content_type would not detect, say, a PHP script embedded into
the comments section of a JPEG (or GIF or PNG) and it's not
unreasonable to think that maybe that's bad to allow on the server,
in some circumstances, depending on all your other security processes.

Security is not a simple off/on switch, nor even a "do this and you'll
be safe" type of thing.

It's an ongoing effort from end to end of the entire process to really
think about what *COULD* be exploited, and how to prevent that,
ideally with at least two independent checks/blocks, in case one of
the checks doesn't do what you think it does, or gets bypassed, or
some idiot rips it out one day, not remembering why it's there, or it
gets lost in a server move, or...

-- 
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
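
Added example (not code from the thread or from the PHP manual): one way to layer the checks discussed in Richard Lynch's two messages above, the magic-byte test and the point that a file with a valid image header can still carry embedded data in a comment block. It assumes PHP 7.1+ with the GD and FileInfo extensions; ALLOWED_TYPES, MAX_PIXELS, sanitize_image(), constructed_gif_with_comment() and the marker string are names made up for this example.

```php
<?php
// Added example. The names below are made up here, not taken from the thread.
// Requires the GD and FileInfo extensions.

const ALLOWED_TYPES = [
    IMAGETYPE_GIF  => 'image/gif',
    IMAGETYPE_JPEG => 'image/jpeg',
    IMAGETYPE_PNG  => 'image/png',
];
const MAX_PIXELS = 25000000; // assumed limit; bounds memory used by decoding

/**
 * Decide the type from the bytes alone and return a re-encoded copy as
 * ['name' => ..., 'mime' => ..., 'bytes' => ...], or null if rejected.
 * The client-supplied file name and $_FILES[...]['type'] are never consulted.
 */
function sanitize_image(string $bytes): ?array
{
    // Check 1: the header, as getimagesize() reads it (index 2 = IMAGETYPE_*).
    $info = @getimagesizefromstring($bytes);
    if ($info === false || !isset(ALLOWED_TYPES[$info[2]])) {
        return null;
    }
    [$width, $height, $type] = $info;
    if ($width < 1 || $height < 1 || $width * $height > MAX_PIXELS) {
        return null;
    }

    // Check 2: an independent magic-byte lookup through FileInfo.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->buffer($bytes) !== ALLOWED_TYPES[$type]) {
        return null;
    }

    // Check 3: the whole file must decode, not only start with a valid header.
    $img = @imagecreatefromstring($bytes);
    if ($img === false) {
        return null;
    }

    // Re-encode from pixels: comment blocks and metadata are not copied.
    // (Animated GIFs are reduced to their first frame.)
    ob_start();
    switch ($type) {
        case IMAGETYPE_GIF:
            imagegif($img);
            break;
        case IMAGETYPE_JPEG:
            imagejpeg($img, null, 90);
            break;
        case IMAGETYPE_PNG:
            imagesavealpha($img, true);
            imagepng($img);
            break;
    }
    $clean = ob_get_clean();

    // The stored name and extension are chosen by the server, not the client.
    $ext = image_type_to_extension($type, false);
    return [
        'name'  => bin2hex(random_bytes(16)) . '.' . $ext,
        'mime'  => ALLOWED_TYPES[$type],
        'bytes' => $clean,
    ];
}

/** Constructed sample: a 2x2 GIF with a comment extension block inserted. */
function constructed_gif_with_comment(string $marker): string
{
    $img = imagecreate(2, 2);
    imagecolorallocate($img, 255, 0, 0);
    ob_start();
    imagegif($img);
    $gif = ob_get_clean();
    // 13 bytes of signature + screen descriptor, then the global colour table.
    $flags  = ord($gif[10]);
    $offset = 13 + (($flags & 0x80) ? 3 * (2 << ($flags & 7)) : 0);
    $block  = "\x21\xFE" . chr(strlen($marker)) . $marker . "\x00";
    return substr($gif, 0, $offset) . $block . substr($gif, $offset);
}

$marker = 'CONSTRUCTED-COMMENT-MARKER';
$upload = constructed_gif_with_comment($marker);
$result = sanitize_image($upload);
var_dump(strpos($upload, $marker) !== false);  // is the marker in the upload?
var_dump($result['name'] ?? null, $result['mime'] ?? null);
var_dump($result !== null && strpos($result['bytes'], $marker) !== false); // still there?

// Constructed sample: a plausible GIF header followed by plain text.
$headerOnly = "GIF89a\x01\x00\x01\x00\x00\x00\x00" . str_repeat('not image data ', 8);
var_dump(sanitize_image($headerOnly));
```

Write the returned bytes under the returned name in a directory the web server never hands to PHP or any other interpreter, which is the second barrier described in the thread.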



Re: [PHP] Re: how to detect type of image

2007-04-22 Thread Myron Turner

Jonathan wrote:

Alain Roger wrote:

Hi,

In my web application, end user is able to load images (png, jpeg, 
gif,..)

into database.
I would like to know how can i detect automatically the type of image 
(pnd,

jpeg,...) ?
i do not want to check the extension because this is easily faked... 
just by

renaming it.

Does it exist a technique for that ?

thanks a lot,



Is there anything wrong with just using $_FILES['upload_name']['type']?



$_FILES['upload_name']['type'] appears to believe the extension.  Try 
it--upload a file with a misleading extension.


This same question was asked yesterday and the advice was to use
string *mime_content_type* ( string filename)
That doesn't seem to get fooled very easily, though I suppose you could 
fool it if you went to the effort of, say, setting up a fake image 
header, when what you are sending is a time bomb.


M.


--

_
Myron Turner
http://www.room535.org
http://www.bstatzero.org
http://www.mturner.org/XML_PullParser/




Re: [PHP] Re: how to detect type of image

2007-04-22 Thread Børge Holen
On Sunday 22 April 2007 17:35, Jonathan wrote:
 Alain Roger wrote:
  Hi,
 
  In my web application, end user is able to load images (png, jpeg,
  gif,..) into database.
  I would like to know how can i detect automatically the type of image
  (pnd, jpeg,...) ?
  i do not want to check the extension because this is easily faked...
  just by
  renaming it.
 
  Does it exist a technique for that ?
 
  thanks a lot,

 Is there anything wrong with just using $_FILES['upload_name']['type']?

read 8 lines further up

-- 
---
Børge
http://www.arivene.net
---




Re: [PHP] Re: how to detect type of image

2007-04-22 Thread Tijnema !

On 4/22/07, Myron Turner [EMAIL PROTECTED] wrote:

Jonathan wrote:
 Alain Roger wrote:
 Hi,

 In my web application, end user is able to load images (png, jpeg,
 gif,..)
 into database.
 I would like to know how can i detect automatically the type of image
 (pnd,
 jpeg,...) ?
 i do not want to check the extension because this is easily faked...
 just by
 renaming it.

 Does it exist a technique for that ?

 thanks a lot,


 Is there anything wrong with just using $_FILES['upload_name']['type']?


$_FILES['upload_name']['type'] appears to believe the extension.  Try
it--upload a file with a misleading extension.

This same question was asked yesterday and the advice was to use
string *mime_content_type* ( string filename)
That doesn't seem to get fooled very easily, though I suppose you could
fool it if you went to the effort of, say, setting up a fake image
header, when what you are sending is a time bomb.

M.


Yeah right, a time bomb with an image header :P
It should have an ELF header :) But then it would be detected by the
mime_content_type i guess.

Tijnema
