|
-
Mar 13th, 2003, 01:34 PM
#1
Thread Starter
Lively Member
Confirm Image
I have a uploading script and i need to make sure that it isnt a exe (or anythign other than an image) being uploaded. For example, virus.exe.jpg. I need someting that would filter things like that out.
<INPUT maxLength=128 name=image type=file ACCEPT="image/jpeg, image/jpg"> ..is what IS allowed.
Is there any way to confirm that the file being uploaded is either a valid image, or dosent contain an extra.exe.jpf in the filename?
Thanks ahead of time...
-
Mar 13th, 2003, 01:47 PM
#2
If you open it up and read the first bytes. You can check if it has JFIF in the start...can't remember what bytes it is...but look up the JPEG structure...and if you can't find it, post again..and I will have a look...
BTW is it more the JPG files that are allowed??? Gif ? BMP???
-
Mar 13th, 2003, 01:53 PM
#3
Thread Starter
Lively Member
just .jpg's....
thanks for the tip, ill do some searching.
-
Mar 13th, 2003, 01:54 PM
#4
So then look up the JPG structure...
-
Mar 13th, 2003, 02:01 PM
#5
This is a VB example...
VB Code:
Public Type ThePicInfo
Type As String
Width As Long
Height As Long
End Type
Private Function CheckPicSpecs(TheFile) As ThePicInfo
Dim TheContent, TheImageInfo As ThePicInfo, TheVar, TheFreeFile
TheFreeFile = FreeFile
Open TheFile For Binary As TheFreeFile
TheContent = Input(10, TheFreeFile)
Close TheFreeFile
If Mid(TheContent, 7, 4) = "JFIF" Then
TheImageInfo.Type = "JPG"
Open TheFile For Binary As TheFreeFile
TheContent = Input(167, TheFreeFile)
Close TheFreeFile
TheImageInfo.Height = Asc(Mid(TheContent, 165, 1)) + 256 * Asc(Mid(TheContent, 164, 1))
TheImageInfo.Width = Asc(Mid(TheContent, 167, 1)) + 256 * Asc(Mid(TheContent, 166, 1))
End If
If Mid(TheContent, 1, 3) = "GIF" Then
TheImageInfo.Type = "GIF"
TheImageInfo.Width = Asc(Mid(TheContent, 7, 1)) + 256 * Asc(Mid(TheContent, 8, 1))
TheImageInfo.Height = Asc(Mid(TheContent, 9, 1)) + 256 * Asc(Mid(TheContent, 10, 1))
End If
CheckPicSpecs = TheImageInfo
End Function
It looks like it is in the four bytes 7-10.
-
Mar 13th, 2003, 05:37 PM
#6
Frenzied Member
but vb is a lot different than php, you can't expect to enter that in php and have it work.
so all you can do is check that it is not empty and that it is a jpg though the mime_type it sends. not sure if there is anything else you can do.
-
Mar 13th, 2003, 05:55 PM
#7
Can't you read one byte at a time in PHP??? With a fixed string or something?
-
Mar 14th, 2003, 12:20 AM
#8
Frenzied Member
well I suppose you could, but why, it is the web there is no need to. once you check for an image then what else can you do? I mean so somebody uploads a file.exe.jpg, big deal, it is still an image and can be ran on the web can it? if you call it does it try to open a image? it is not like your OS where it can be run as vbs or something, and besides usually the OS hides the last extension so actually the file is like so file.exe.jpg.vbs so there is a big difference on the web.
prove me wrong!!! if you can't then I stand by wha tI just said. I never heard of this problem. al you can check for and all you would need to check for is the extension and php doesn't hid the .vbs from you
-
Mar 25th, 2003, 09:39 PM
#9
Stuck in the 80s
phpman has a very good point, but if you want something anyways, why not just check the given filename? Search for an occurance of ".exe" and if you find it, reject it.
It's as simple as that.
-
Mar 25th, 2003, 10:32 PM
#10
Frenzied Member
yeah so good he can't reply back 
-
Mar 26th, 2003, 02:26 PM
#11
Stuck in the 80s
Originally posted by phpman
yeah so good he can't reply back
Us Michigan folk aren't too bright.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote