How to properly upload images to the server (without worms and viruses)?

S

swcalc2015-04-12 02:08:42

PHP

swcalc, 2015-04-12 02:08:42

Good day, I'm interested in the question of how to properly process images or set up a dedicated area on the server for storing images?
The format is defined as follows, how not to upload an image with something that can harm the server and users (or that this image remains an image)?

$q=array(
            'image' => $_FILES['image'],
            'image_info'    => new finfo(FILEINFO_MIME_TYPE)
        );
        echo $q['image_info']->file($q['image']['tmp_name']);

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

P

Pavel K, 2015-04-12
@swcalc

If only images are loaded, then just use GD functions
For example imagecreatefromjpg (of course, you need to determine its type first) and then just save imagejpg($imagecreated, $filename); in the place you need. it is natural at the same time not to forget to register exceptions.
For more paranoia, in the save directory, you can disable the execution of scripts via .htaccess
Well, an article on the topic: habrahabr.ru/post/44610

X

xmoonlight, 2015-04-12
@xmoonlight

function.getimagesize.php
Check sizes via function. If the dimensions are normal - this is an image.