Reputation: 939
Safe use of ImageMagick convert
I am planning on using the following to resize animated GIFs.
Would it be recommended to do other checks on the file before passing to convert? The filename is auto-generated in the upload script.
$filename = escapeshellarg($filename);
exec('convert image.gif -resize 150x400^ -gravity center -extent 150x400 ' . $filename);
Upvotes: 2
Views: 274
Answers (2)
Reputation: 90213
You should use
convertwith prepending the absolute path to the executable that you want to execute.You should be sure that you can trust the
convertcommand which you want to execute.You should prepend the absolute path to the input file which you want to process.
You should check for file size, (magic) file format, pixel dimensions and layer canvas geometry of the input file you want to process. For example:
identify \ -format "%f : bytes=%b format=%m width=%w height=%h canvas=%g\n" \ /path/to/input/image(Make yourself familiar with the meanings of
%f,%b,%m,%w,%hand%ghere.)You should prepend the absolute path to the output file which you want to write.
You should be very sure that
$filenameis not containing unwanted characters.
Upvotes: 2
Reputation: 2193
if file name in not from user input (even part of it) and you generate it with random character or data like user id, and you can be absolutely sure there is no unwanted data or characters in it, there is no need to be worry.
Upvotes: 0
Related Questions
- Can't Use ImageMagick (convert) command in PHP
- PHP how to use ImageMagick convert in php
- PHP: How to run convert imagemagick commands correctly?
- Security concern regarding PHP image conversion
- Using CONVERT from Imagemagick in PHP page
- Imagemagick exec and convert
- Moving from convert command to straight PHP for ImageMagick
- PHP use of IMAGEMAGICK or imagick or magicwand
- imagemagick convert does not work through php
- ImageMagick - what do i need to be aware of?