John DOe

Reputation: 222

Increasing security on imageUpload, issues with img src="image.php"

Can't seem to get the PHP script to execute and fetch the image script. The image placeholder.jpg is stored outside of the public_html webroot; here is what I do:

Show image .php file

<img src="image.php?image=<?php echo urlencode('placeholder.jpg') ?>"/>

image.php

<?php

    $file = basename(urldecode($_GET['image']));
    $fileDir = '/noaccess/avatars/';

    if (file_exists($fileDir . $file))
    {
        $contents = file_get_contents($fileDir . $file);

        header('Content-type: image/jpg');

        echo $contents;
    }

?>

Upvotes: 0

Views: 133

Answers (1)

It is EXTREMELY unsecured to run that kind of script, because you are giving hackers access to your file system. Remember, they can use ../ to navigate up the folders. But anyway, try this:

<?php

    $file = basename(urldecode($_GET['image']));
    $fileDir = $_SERVER['DOCUMENT_ROOT'] . 'noaccess/avatars/';

    if (file_exists($fileDir . $file))
    {
        $imageRes = imagecreatefromjpeg($fileDir . $file);
        header('Content-Type: image/jpeg');
        // Output the image as JPEG so the body matches the Content-Type header
        @imagejpeg($imageRes);
        // Free up memory
        @imagedestroy($imageRes);
        die();
    }

?>

Upvotes: 2
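
A hardened version of the image.php script discussed above, as an added example that is not part of the original question or answer. It assumes the avatar directory from the question (/noaccess/avatars) and that PHP's fileinfo extension is available; resolveAvatar() and the two constants are hypothetical names.

```php
<?php
// Added example: AVATAR_DIR is the path from the question (assumed to exist).
const AVATAR_DIR = '/noaccess/avatars';

// MIME types this endpoint is willing to serve (allow-list).
const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif'];

/** Map a user-supplied name to a real file inside $baseDir, or null. */
function resolveAvatar(string $name, string $baseDir): ?string
{
    // Accept only a plain file name: no slashes, no leading dot, no NUL byte.
    if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]{0,99}\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // realpath() resolves symlinks and "..": the result must still sit in $base.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// $_GET values are already URL-decoded, so no urldecode() is needed.
// A parameter sent as image[]=... arrives as an array and is rejected.
$name = $_GET['image'] ?? '';
$path = is_string($name) ? resolveAvatar($name, AVATAR_DIR) : null;

// Detect the type from the file's bytes, not from its extension.
$type = $path === null ? false : (new finfo(FILEINFO_MIME_TYPE))->file($path);

if ($type === false || !in_array($type, ALLOWED_TYPES, true)) {
    http_response_code(404); // same response for "missing" and "not allowed"
    exit;
}

header('Content-Type: ' . $type);
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff'); // stop browsers re-guessing the type
readfile($path);
```

The file-name allow-list and the realpath() containment check each block directory traversal on their own; the MIME allow-list keeps the endpoint from serving a non-image file that ended up in the upload directory.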
