V
V
Vlad2016-05-08 15:42:39
PHP
Vlad, 2016-05-08 15:42:39

How to disable code execution in .jpg, gif, png files?

Hello.
I have already found 2 similar viruses on the site: the file contains a link to a .gif image uploaded to FTP, and this image itself, if opened in a text editor, then there is a php code with a virus inside.
Tell me, please, is it possible to somehow prohibit the entire site from executing php code in files that have an image format?
Or can it be reasonable to make the code run only in files with a .php extension?

Answer the question

In order to leave comments, you need to log in

1 answer(s)
A
Andrey Pavlenko, 2016-05-08
@Akdmeh

1) use the getimagesize function - this will help a lot from "coolhackers".
2) in general, there is no threat to the site if such files cannot be included somewhere in the code (and this should not be). You can optionally disable the execution of PHP scripts in the specific folder where these images are stored, but usually, if you validate extensions correctly, there is nothing to be afraid of.
That is, by default, the code in images will not work.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question