Recently do picture download and picture upload by the picture format to toss dead, here to summarize how to verify the verification of a file is a picture and get its picture format method, for everyone's reference.
In general, to verify that a file is a picture, you can use the following three ways: 1, to determine whether the file extension is the required image extension
This kind of judgment is used more than a way, but this way is very improper, others slightly to the image of a file extension is modified to the extension of the picture, it bypassed your this checksum, if this upload file is shell, PHP or JSP, That your website basically can say in someone else's hand inside.
But this is not a completely useless way of judging. We can put it in the image of the outermost, if a file even extension is not the image we require the extension, it is not the following content format check, to some extent, to reduce the pressure of the server or have some help, Otherwise all the files are uploaded after the completion of the server to judge, it will be to a certain extent waste resources.
2, according to the file in front of a few bytes, that is often said the magic number to judge, different file types of the beginning of several bytes, you can see my other special station introduction: The magic number of different file types.
But this way of judging is also very unreliable, because he can only verify the first few bytes of the file, so that someone to modify the extension of an executable PHP file to PNG, and then in front of the "89 50″ two bytes, and then bypass this way of verification."
3, the use of Javax.imageio.ImageIO, if you can get to the associated ImageReader to describe it as a picture, and can further obtain the format of the picture and other information.
The above 1, 2 method implementation can refer to this blog: How to use Java to format the image and check the security process, I only say a third method.
The picture file format for the test is changed to PNG, but this method checks that the format is JPEG and the sample code is as follows:
Package com.ricky.java.common.download.test;
Import Java.io.File;
Import java.io.IOException;
Import Java.util.Iterator;
Import Javax.imageio.ImageIO;
Import Javax.imageio.ImageReader;
Import Javax.imageio.stream.ImageInputStream; public class Imagedemo {/** * @param args */public static void main (string[] args) {File file = new file ("E
:/download_test/pics/1c/1cd5v0uya36wg0rf4fu39dtym.png ");
Boolean result = Isimage (file);
System.out.println ("result=" +result);
GetExtension (file);
public static void GetExtension (file file) {Imageinputstream IIS = NULL;
try {IIS = Imageio.createimageinputstream (file);
Iterator<imagereader> iter = Imageio.getimagereaders (IIS);
if (Iter.hasnext ()) {System.out.println ("extension:" +iter.next (). Getformatname ());
} catch (IOException e) {e.printstacktrace ();
}finally{if (iis!=null) {try {iis.close ();
catch (IOException e) {e.printstacktrace (); }}} PubLic static Boolean isimage (File resfile) {Imageinputstream IIS = NULL;
try {IIS = Imageio.createimageinputstream (resfile);
Iterator<imagereader> iter = Imageio.getimagereaders (IIS);
if (Iter.hasnext ()) {//file is not a picture return true;
} catch (IOException e) {e.printstacktrace ();
}finally{if (iis!=null) {try {iis.close ();
catch (IOException e) {e.printstacktrace ();
}} return false;
}
}
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
