File upload handlers generally do not check whether a file is safe; usually only a simple extension check is performed afterwards. The type field in PHP's $_FILES array is very unreliable, because it only reflects the file's extension name. The reliable checks are exif_imagetype and getimagesize, which are very reliable for determining file types.
Ordinary file uploads do not check file security. Generally, only the extension is verified afterwards.
The simple extension check relies on the type field in PHP's $_FILES array.
This is very unreliable: it only reflects the file's extension name. The reliable alternatives are exif_imagetype and getimagesize, which are very reliable for identifying the file type.
Security Practices
0. Linux antivirus software: ClamAV
In a test environment, you can scan with the clamscan command (very slow).
In a production environment, start the clamd service and scan files with clamdscan (very fast, within milliseconds).
Note: It is best to add a scheduled task that runs freshclam every day to update the virus database.
What to do when the scan finds a virus:
A. (Recommended) Use imagecreatefromjpeg and the related functions to read the image data and re-create the file, so that the virus does not affect users.
B. Delete the image outright and take action against the malicious uploader.
1. Antivirus software is not required for small and medium-sized websites. You only need to control the execution permissions of servers, folders, and files.
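
The practices above combined into one upload handler, as an added example that is not code from the original page. It assumes the exif and GD extensions are loaded and clamd is running; store_uploaded_image, the 'photo' form field and the /var/uploads directory are hypothetical names.

```php
<?php
// Added example, not code from the original page. Assumes the exif and GD
// extensions are loaded and clamd is running with clamdscan on the PATH.
declare(strict_types=1);

function store_uploaded_image(string $tmpPath, string $destDir): string
{
    // Decide the type from the file's bytes. $_FILES[...]['type'] and the
    // client-supplied file name are never consulted.
    $codecs = [
        IMAGETYPE_JPEG => ['imagecreatefromjpeg', 'imagejpeg', 'jpg'],
        IMAGETYPE_PNG  => ['imagecreatefrompng', 'imagepng', 'png'],
        IMAGETYPE_GIF  => ['imagecreatefromgif', 'imagegif', 'gif'],
    ];
    $type = @exif_imagetype($tmpPath);
    if ($type === false || !isset($codecs[$type])) {
        throw new RuntimeException('not an accepted image type');
    }
    [$decode, $encode, $ext] = $codecs[$type];

    // clamdscan exit codes: 0 = clean, 1 = virus found, 2 = error.
    // --fdpass lets clamd read a temp file owned by the web server user.
    $cmd = 'clamdscan --fdpass --no-summary ' . escapeshellarg($tmpPath);
    exec($cmd, $output, $rc);
    if ($rc !== 0 && $rc !== 1) {
        throw new RuntimeException('virus scan failed'); // fail closed
    }
    if ($rc === 1) {
        error_log('clamdscan hit on upload: ' . implode(' ', $output));
    }

    // Option A, applied here to every accepted file (a choice of this
    // example): store only a file re-created from the decoded pixels.
    $img = @$decode($tmpPath);
    if ($img === false) {
        throw new RuntimeException('image could not be decoded');
    }
    imagesavealpha($img, true); // keep PNG transparency
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!$encode($img, $dest)) {
        throw new RuntimeException('image could not be written');
    }
    chmod($dest, 0644); // readable, never executable
    return $dest;
}

// '/var/uploads' and the 'photo' field are hypothetical names.
if (isset($_FILES['photo']) && is_uploaded_file($_FILES['photo']['tmp_name'])) {
    echo store_uploaded_image($_FILES['photo']['tmp_name'], '/var/uploads');
}
```

The stored name and extension come from the server, and the destination directory should be one the web server is not configured to execute scripts from.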