How to guard against ImageTragick with PHP?

Posted: 2016-05-05T06:53:02-07:00
by zxsz4084
I just use PHP getimagesize() to get image info? It looks like the following...

/**
 * @return array(width => width, height => height, type => type) type: 1 = GIF, 2 = JPG, 3 = PNG, 4 = SWF, 5 = PSD, 6 = BMP, 7 = TIFF (Intel byte order), 8 = TIFF (Motorola byte order), 9 = JPC, 10 = JP2, 11 = JPX, 12 = JB2, 13 = SWC, 14 = IFF, 15 = WBMP, 16 = XBM
 */
static function _getImgInfo($srcFile)
{
    $info = array();
    // getimagesize() returns FALSE when the file cannot be read as an image
    $imageinfo = @getimagesize($srcFile, $data);

    /*
     * info struct
     Array
     (
         [0] => 3264
         [1] => 2448
         [2] => 2
         [3] => width="3264" height="2448"
         [bits] => 8
         [channels] => 3
         [mime] => image/jpeg
     )
     */
    // Check the return value, not the by-reference $data argument
    if (FALSE === $imageinfo)
    {
        return $info;
    }

    $info['width'] = $imageinfo[0];
    $info['height'] = $imageinfo[1];
    $info['type'] = $imageinfo[2];

    return $info;
}

I only allow info['type'] equal to 1 or 2 or 3, otherwise I return wrong image...


Someone tells me to use finfo:

$file = 'xx.PNG';
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime_type = $finfo->file($file);
var_dump($mime_type);


Comparing the getimagesize function of the gd extension with the file function of the finfo extension, which is better?

Do I need to do more, and if so, what?
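
An added example, not part of the original posts: one way to combine the two checks discussed above, accepting a file only when getimagesize() reports GIF, JPEG or PNG (types 1, 2, 3) and finfo reports the matching MIME type. The helper name checkUploadedImage() and both sample files are assumptions constructed for the demonstration.

```php
<?php
// Added example (not from the thread). checkUploadedImage() is a hypothetical
// helper name; the sample files below are constructed for the demonstration.

// Allow-list: getimagesize() type constant => MIME type finfo must report.
const ALLOWED_TYPES = [
    IMAGETYPE_GIF  => 'image/gif',   // type 1
    IMAGETYPE_JPEG => 'image/jpeg',  // type 2
    IMAGETYPE_PNG  => 'image/png',   // type 3
];

function checkUploadedImage(string $path): ?array
{
    // getimagesize() returns false when it cannot parse an image header.
    $size = @getimagesize($path);
    if ($size === false || !array_key_exists($size[2], ALLOWED_TYPES)) {
        return null;
    }
    // Second opinion from finfo: sniffs file content, ignores the file name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime !== ALLOWED_TYPES[$size[2]]) {
        return null; // the two detectors disagree: reject
    }
    return ['width' => $size[0], 'height' => $size[1], 'type' => $size[2]];
}

$dir = sys_get_temp_dir();

// Constructed sample 1: a valid 1x1 GIF.
$gif = $dir . '/sample_ok.gif';
file_put_contents($gif, base64_decode(
    'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'
));

// Constructed sample 2: plain text saved under an image file name.
$fake = $dir . '/sample_fake.png';
file_put_contents($fake, "this is text, not a PNG\n");

var_dump(checkUploadedImage($gif));   // info array for the GIF
var_dump(checkUploadedImage($fake));  // rejected despite the .png name

unlink($gif);
unlink($fake);
```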

Re: How to guard against ImageTragick with PHP?

Posted: 2016-05-05T09:23:27-07:00
by fmw42
What does this have to do with ImageTragick vulnerability?