FUDforum: comp.lang.php » Failed @getimagesize() print to error

Home » Imported messages » comp.lang.php » Failed @getimagesize() print to error_log?

Show: Today's Messages :: Polls :: Message Navigator

Re: Failed @getimagesize() print to error_log? [message #173239 is a reply to message #173089]

Tue, 29 March 2011 07:11

Gordon Burditt
Messages: 2
Registered: March 2011

Karma:

Junior Member

>> Tell me, are you taking user input in some form and expecting it to match
>> the name of a thumbnail file on the server?
>>
>> If so, what controls are you placing on that user input to ensure that a
>> valid file name is requested?
>
> Not exactly. This section hosts local classifieds, so the user is
> uploading it via a Perl script, which verifies that it's a legitimate
> image, and renames the image to the ID of the listing (so it's always
> a number). Then, the image name is added to a database, which is then
> read when a site visitor views the ad.

In order to verify that something is a valid image, you need, at a
minimum, an antivirus program. There are a number of ways to
generate a malicious image intended to cause buffer overflows or
other nasty things in browsers. Whether or not it causes trouble
for PHP, you don't want to serve such images.

You may also need the MPAA image-rating program (if such a thing
exists) to ensure that you are not accepting pornographic images
for your classifieds. Unless, of course, it's for pornographic
classifieds.

Report message to a moderator

[Message index]

		Failed @getimagesize() print to error_log? By: jwcarlton on Sun, 20 March 2011 01:58
		Re: Failed @getimagesize() print to error_log? By: Jerry Stuckle on Sun, 20 March 2011 02:44
		Re: Failed @getimagesize() print to error_log? By: jwcarlton on Sun, 20 March 2011 09:31
		Re: Failed @getimagesize() print to error_log? By: Jerry Stuckle on Sun, 20 March 2011 12:34
		Re: Failed @getimagesize() print to error_log? By: jwcarlton on Sun, 20 March 2011 22:24
		Re: Failed @getimagesize() print to error_log? By: Jerry Stuckle on Sun, 20 March 2011 23:56
		Re: Failed @getimagesize() print to error_log? By: Denis McMahon on Sun, 20 March 2011 17:24
		Re: Failed @getimagesize() print to error_log? By: jwcarlton on Sun, 20 March 2011 22:28
		Re: Failed @getimagesize() print to error_log? By: Gordon Burditt on Tue, 29 March 2011 07:11

Previous Topic:	PDO MySQL
Next Topic:	Very strange behaviour of imageftbbox()?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Mon Feb 17 16:46:03 GMT 2025

Total time taken to generate the page: 0.03511 seconds