How to tell if uploading a file is a picture or is it safe
How to tell if uploading a file is a picture or is it safe
------Solution--------------------
Usually through the file name of the original suffix to upload the document when the identification, and then save the corresponding type, as long as the security is not executable files are basically safe, do not know what you want to ask is what security.
------Solution--------------------
$_files["File" ["type"]--you can determine the type of file being uploaded.
As for security, see what your standards are.
------Solution--------------------
Do not believe in any incoming things, or you will swallow the bitter fruit of credulity.
What do you think of this picture?
$im = Imagecreate (a);
$color = Imagecolorallocate ($im, 255, 0, 0);
Imagegif ($im, ' 1.gif ');
$s =<<< TXT
Phpinfo ();
?>
TXT;
File_put_contents (' 1.gif ', $s, file_append);
Print_r (getimagesize (' 1.gif '));
Echo ';
Include ' 1.gif ';
------Solution--------------------
Use Mime_content_type to check the type
http://php.net/manual/zh/function.mime-content-type.php
I usually use ImageMagick to rotate the picture.
------Solution--------------------
Reference:
do not trust any incoming things, or you will swallow the bitter fruit of the swallow.
What do you think of this picture?
$im = Imagecreate (a);
$color = Imagecolorallocate ($im, 255, 0, 0);
Imagegif ($im, ' 1.gif ');
$s =<<< TXT
Phpinfo ();
?>
TXT;
File_put_contents (' 1.gif ', $s, file_append);
Print_r (getimagesize (' 1.gif '));
Echo ';
Include ' 1.gif ';
I tested your code, PHPINFO () executed, but who would go to include a picture?
Such a picture will never be executed, right?