PHP判断图片是否为标准图片(防止篡改图片下传)
PHP判断图片是否为标准图片(防止篡改图片上传)
在项目安检时发现,某系项目中图片上传只是对后缀名进行了检查,导致含有某些代码的‘图片’也能上传到服务器,有重大隐患。写了一个方法,检验图片的正确性。(此方法无法完全验证,将图片源码中加了代码无法判断,不过将图片处理比如加水印以后,含有代码的图片在当作php执行时会失效)
?
/* *判断上传的图片是否为标准图片 *$file $FILES['']获取的值 *return 正常图片 true ; 异常图片 false; */function isimage($file){ if ($file["type"] == "image/gif") { @$im = imagecreatefromgif($file['tmp_name']); } elseif ($file["type"] == "image/png" || $file["type"] == "image/x-png") { @$im = imagecreatefrompng($file['tmp_name']); } else { @$im = imagecreatefromjpeg($file['tmp_name']); } if($im==false){ return false; }else{ return true; }}
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Hongmeng native application random poetry
Feb 19, 2024 pm 01:36 PM
To learn more about open source, please visit: 51CTO Hongmeng Developer Community https://ost.51cto.com Running environment DAYU200:4.0.10.16SDK: 4.0.10.15IDE: 4.0.600 1. To create an application, click File- >newFile->CreateProgect. Select template: [OpenHarmony] EmptyAbility: Fill in the project name, shici, application package name com.nut.shici, and application storage location XXX (no Chinese, special characters, or spaces). CompileSDK10, Model: Stage. Device
Use java's File.length() function to get the size of the file
Jul 24, 2023 am 08:36 AM
Use Java's File.length() function to get the size of a file. File size is a very common requirement when dealing with file operations. Java provides a very convenient way to get the size of a file, that is, using the length() method of the File class. . This article will introduce how to use this method to get the size of a file and give corresponding code examples. First, we need to create a File object to represent the file we want to get the size of. Here is how to create a File object: Filef
Detailed explanation of the usage of return in C language
Oct 07, 2023 am 10:58 AM
The usage of return in C language is: 1. For functions whose return value type is void, you can use the return statement to end the execution of the function early; 2. For functions whose return value type is not void, the function of the return statement is to end the execution of the function. The result is returned to the caller; 3. End the execution of the function early. Inside the function, we can use the return statement to end the execution of the function early, even if the function does not return a value.
How to convert php blob to file
Mar 16, 2023 am 10:47 AM
How to convert php blob to file: 1. Create a php sample file; 2. Through "function blobToFile(blob) {return new File([blob], 'screenshot.png', { type: 'image/jpeg' })} ” method can be used to convert Blob to File.
Rename files using java's File.renameTo() function
Jul 25, 2023 pm 03:45 PM
Use Java's File.renameTo() function to rename files. In Java programming, we often need to rename files. Java provides the File class to handle file operations, and its renameTo() function can easily rename files. This article will introduce how to use Java's File.renameTo() function to rename files and provide corresponding code examples. The File.renameTo() function is a method of the File class.
What is the execution order of return and finally statements in Java?
Apr 25, 2023 pm 07:55 PM
Source code: publicclassReturnFinallyDemo{publicstaticvoidmain(String[]args){System.out.println(case1());}publicstaticintcase1(){intx;try{x=1;returnx;}finally{x=3;}}}#Output The output of the above code can simply conclude: return is executed before finally. Let's take a look at what happens at the bytecode level. The following intercepts part of the bytecode of the case1 method, and compares the source code to annotate the meaning of each instruction in
What are the uses of the Type keyword in Go?
Sep 06, 2023 am 09:58 AM
The usage of the Type keyword in Go includes defining new type aliases or creating new structure types. Detailed introduction: 1. Type alias. Use the "type" keyword to create an alias for an existing type. This alias does not create a new type, but only provides a new name for the existing type. Type aliases can improve code. The readability of the code makes the code clearer; 2. Structure type. Use the "type" keyword to create a new structure type. The structure is a composite type that can be used to define custom types containing multiple fields. etc.
Use java's File.getParentFile() function to get the parent directory of the file
Jul 27, 2023 am 11:45 AM
Use java's File.getParentFile() function to get the parent directory of a file. In Java programming, we often need to operate files and folders. When we need to get the parent directory of a file, we can use the File.getParentFile() function provided by Java. This article explains how to use this function and provides code examples. File class in Java is the main class used to operate files and folders. It provides many methods to obtain and manipulate file properties
