Reputation: 31
Prevent hidden files embedded in images from being uploaded to server
I've noticed that it is possible to store hidden files within JPG/GIF/PNG images, which could include illegal images or collections of them in .rar format. Users may exploit this to upload and share illicit content amongst themselves on seemingly average images to the naked eye, on any website that allows image uploading.
I could not find any source on the internet that deals with having PHP prevent image files from containing other files inside of them, and I hope someone can point me in the right direction. The following is not enough to detect additional content within a file, as the exif will still be a match to the file's extension:
if (exif_imagetype($imagefile['tmp_name']), IMAGETYPE_GIF) { //code; }
Upvotes: 0
Views: 174
Answers (1)
Reputation: 585
I'm not 100% sure if this would work, but perhaps creating a new image using the GD / Imagemagick commands could strip out the extra hidden data.
Upvotes: 1
Related Questions
- PHP image uploads: how do I protect against images containning code?
- Obfuscate image directory using PHP?
- Block certain files from being uploaded
- How to prevent images from access
- Block upload of executable images (PHP)
- Only allow image files to be uploaded to my server with PHP
- How to prevent unwanted files when a website offers image upload using PHP?
- Is it possible to not expose my directory where I upload images?
- Hide filenames for product images
- Protect html/php/image files from tracking