Php file image upload security -
$filename=$_files['file']['name']; $type=$_files['file']['type']; $extension=strtolower(substr($filename, strpos($filename, '.')+1)); $size=$_files['file']['size']; if(($extension=='jpg' || $extension=='jpeg') && ($type!='image/jpg' || $type!='image/jpeg')){... i have input file, can let user upload jpg/jpeg image only, have check type, extension, size.
however i'm not sure how check if user change extension.(ex. abc.php -> abc.jpg)
any thing else need check before save user's image server?
you can check image exif_imagetype()
http://www.php.net/manual/en/function.exif-imagetype.php
exif_imagetype() reads first bytes of image , checks signature.
Comments
Post a Comment