I just use php getimagesize() to get image info ?It likes the following。。。
/**
* @return array(w=>with, h=hight, type=类别) type: 1 = GIF,2 = JPG,3 = PNG,4 = SWF,5 = PSD,6 = BMP,7 = TIFF(intel byte order),8 = TIFF(motorola byte order),9 = JPC,10 = JP2,11 = JPX,12 = JB2,13 = SWC,14 = IFF,15 = WBMP,16 = XBM
*/
static function _getImgInfo($srcFile)
{
$info = array();
$imageinfo = @getimagesize($srcFile, $data);
/*
* info struct
Array
(
[0] => 3264
[1] => 2448
[2] => 2
[3] => width="3264" height="2448"
[bits] => 8
[channels] => 3
[mime] => image/jpeg
)
*/
if (FALSE === $data)
{
return $info;
}
$info['width'] = $imageinfo[0];
$info['height'] = $imageinfo[1];
$info['type'] = $imageinfo[2];
return $info;
}
I only allow info['type'] equal 1 or 2 or 3,otherwise return wrong image。。。
someone tells me use finfo:
$file = 'xx.PNG';
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime_type = $finfo->file($file);
var_dump($mime_type);
compare function getimagesize of gd extension with function file of finfo extension, which is better?
Whether or What I need do more ?
How to against ImageTragick with php ?
- fmw42
- Posts: 25562
- Joined: 2007-07-02T17:14:51-07:00
- Authentication code: 1152
- Location: Sunnyvale, California, USA
Re: How to against ImageTragick with php ?
What does this have to do with ImageTragick vulnerability?