How to against ImageTragick with php ?

Questions and postings pertaining to the usage of ImageMagick regardless of the interface. This includes the command-line utilities, as well as the C and C++ APIs. Usage questions are like "How do I use ImageMagick to create drop shadows?".
Locked
zxsz4084
Posts: 25
Joined: 2015-03-31T01:31:44-07:00
Authentication code: 6789

How to against ImageTragick with php ?

Post by zxsz4084 »

I just use php getimagesize() to get image info ?It likes the following。。。

/**
* @return array(w=>with, h=hight, type=类别) type: 1 = GIF,2 = JPG,3 = PNG,4 = SWF,5 = PSD,6 = BMP,7 = TIFF(intel byte order),8 = TIFF(motorola byte order),9 = JPC,10 = JP2,11 = JPX,12 = JB2,13 = SWC,14 = IFF,15 = WBMP,16 = XBM
*/
static function _getImgInfo($srcFile)
{
$info = array();
$imageinfo = @getimagesize($srcFile, $data);

/*
* info struct
Array
(
[0] => 3264
[1] => 2448
[2] => 2
[3] => width="3264" height="2448"
[bits] => 8
[channels] => 3
[mime] => image/jpeg
)
*/
if (FALSE === $data)
{
return $info;
}

$info['width'] = $imageinfo[0];
$info['height'] = $imageinfo[1];
$info['type'] = $imageinfo[2];

return $info;
}

I only allow info['type'] equal 1 or 2 or 3,otherwise return wrong image。。。


someone tells me use finfo:

$file = 'xx.PNG';
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime_type = $finfo->file($file);
var_dump($mime_type);


compare function getimagesize of gd extension with function file of finfo extension, which is better?

Whether or What I need do more ?

User avatar
fmw42
Posts: 26383
Joined: 2007-07-02T17:14:51-07:00
Authentication code: 1152
Location: Sunnyvale, California, USA

Re: How to against ImageTragick with php ?

Post by fmw42 »

What does this have to do with ImageTragick vulnerability?

Locked