Thomas Decaux

Reputation: 22711

Generate thumbnails from untrusted remote images

I am building a simple thumbnail generator. Generating the thumbnail is no problem; I am using PHP, with file_get_contents to get the remote image content.

I am wondering whether there is any security issue with downloading the file content like this (with cURL or file_get_contents).

  1. How can I limit the file size and stop the download at X MB?
  2. How can I check that the binary content has no dangerous code?
  3. Maybe there is another technology than PHP that fits my needs?

Thanks

Upvotes: 0

Views: 217

Answers (1)

Thomas Decaux

Reputation: 22711

Here is a piece of code I will test:

curl_setopt($cURL_Handle, CURLOPT_BUFFERSIZE, 128);
curl_setopt($cURL_Handle, CURLOPT_NOPROGRESS, false);
// Since PHP 5.5 the progress callback receives the cURL handle as its first argument.
curl_setopt($cURL_Handle, CURLOPT_PROGRESSFUNCTION, function(
    $ch, $DownloadSize, $Downloaded, $UploadSize, $Uploaded) {
    // If $Downloaded exceeds 1KB, returning non-0 breaks the connection!
    return ($Downloaded > (1 * 1024)) ? 1 : 0;
});
curl_setopt($cURL_Handle, CURLOPT_WRITEFUNCTION, function(
    $ch, $str) {
    // Grab the first bytes, check whether they match an image "header signature"
    // The callback must return the number of bytes it handled, or cURL aborts the transfer.
    return strlen($str);
});

Upvotes: 0
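As an added example (not the poster's code), here is one way to fill in the write callback sketched in the answer above, so that a single callback enforces both the size cap and the image signature check. The names `MAX_BYTES`, `SIGNATURES`, `sniffImageType`, `boundedImageWriter` and `fetchImage`, the accepted formats and the limits are assumptions made for the example.

```php
<?php
// Added example; names and limits below are assumptions, not the poster's code.
const MAX_BYTES = 2 * 1024 * 1024;      // assumed cap: 2 MB
const SIGNATURES = [                    // leading magic bytes per accepted format
    'jpeg' => ["\xFF\xD8\xFF"],
    'png'  => ["\x89PNG\r\n\x1A\n"],
    'gif'  => ["GIF87a", "GIF89a"],
];
// Returns the format name when $head starts with a known signature, else null.
function sniffImageType(string $head): ?string {
    foreach (SIGNATURES as $type => $magics) {
        foreach ($magics as $magic) {
            if (strncmp($head, $magic, strlen($magic)) === 0) return $type;
        }
    }
    return null;
}

// Builds a CURLOPT_WRITEFUNCTION callback that appends to $buf and aborts the
// transfer (any return value other than strlen($chunk)) on oversized or non-image data.
function boundedImageWriter(string &$buf, int $max = MAX_BYTES): callable {
    return function ($ch, string $chunk) use (&$buf, $max): int {
        if (strlen($buf) + strlen($chunk) > $max) return -1;   // over the cap
        $buf .= $chunk;
        if (strlen($buf) >= 8 && sniffImageType($buf) === null) return -1; // not an image
        return strlen($chunk);
    };
}

function fetchImage(string $url): ?string {
    $buf = '';
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS, // refuse file://, ftp://, ...
        CURLOPT_FOLLOWLOCATION => false,  // redirects are not followed
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 15,     // bounds slow responses
        CURLOPT_WRITEFUNCTION  => boundedImageWriter($buf),
    ]);
    $ok = curl_exec($ch);
    return ($ok && sniffImageType($buf) !== null) ? $buf : null;
}

// Offline check with constructed chunks (no network access needed).
$out = ''; $w = boundedImageWriter($out, 16);
var_dump($w(null, "\x89PNG\r\n\x1A\n") === 8);  // PNG signature accepted
var_dump($w(null, str_repeat('A', 9)) === -1);  // 8 + 9 bytes exceeds the 16-byte cap
$out = ''; $w = boundedImageWriter($out, 16);
var_dump($w(null, '<?php echo 1;') === -1);     // 13 bytes, no image signature
```

A signature match only shows that the file claims to be an image; decode it and re-encode the pixels with the image library before serving the thumbnail.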
