Cnab
Cnab

Reputation: 49

getimagesize() is not working with PNG images having HTTPS

i have this image:

  $imgurl = 'https://www.danmurphys.com.au/media/DM/Product/308x385/913411_0_9999_med_v1_m56577569854513142.png';

I have tried these both codes

  1. $image = @getimagesize($imgurl);
    print_r($image);
    

Gives no result.

See 2nd case below starts with function getRanger

  1. public static function getRanger($url){
        $headers = array(
        "Range: bytes=0-327680"
        );
    
        $curl = curl_init($url);
        curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
        $data = curl_exec($curl);
        curl_close($curl);
        return $data;
    }
    
    $raw    = self::getRanger($imgurl);
    $im     = imagecreatefromstring($raw);
    
    $width  = imagesx($im);
    $height = imagesy($im);
    
    echo $width;
    echo $height;
    

Both gives me empty result. can some of you can help me.

Thanks in advance.

Upvotes: 0

Views: 2991

Answers (2)

Josh Lamb
Josh Lamb

Reputation: 31

I know it's been a while since this answer was accepted, but it didn't quite fit my use case so I wanted to add this. In the OP's example, they had an HTTPS url with a certificate that failed SSL checks. In my case, I'm using TCPDF to convert HTML to a PDF, where the HTML contains an img tag making a call to an HTTPS server with a self-signed cert. TCPDF hard-codes a call to $img_size = @getimagesize() so it's not an option to replace it with some custom function.

1. Custom Context When Possible

Works for functions accepting a context, such as file_get_contents

<?php
// Create a read context that disables peer verification when used
$context = stream_context_create(array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
    )
));

// The self-signed server URL
$url = 'https://domain.tld/doc.png';

// Make this the global default context
stream_context_set_default($context);
$content = file_get_contents($url);

// OR use in a specific function call without changing global context
$content = file_get_contents($url, false, $context);

2. Stream Wrapper Solution

Works with GD library functions including getimagesize

<?php
// Unregister existing https handling
stream_wrapper_unregister('https');

// Register the custom handler
stream_wrapper_register('https', "HttpsInsecureStream", STREAM_IS_URL);

/**
 * Content is read with CURL into a tmpfile that is deleted as soon as the stream is closed
 */
class HttpsInsecureStream {
    public $context = null;

    public function __construct() {
        $this->context = tmpfile();
    }

    public function stream_open($path,$mode,$options,&$opened_path){
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $path);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
        fwrite($this->context, curl_exec($curl));
        rewind($this->context);
        curl_close($curl);
        return true;
    }

    public function stream_stat() {
        return fstat($this->context);
    }

    public function stream_seek($seek_offset, $seek_whence) {
        return (fseek($this->context, $seek_offset, $seek_whence) === 0);
    }

    public function stream_tell(){
        return ftell($this->context);
    }

    public function stream_read($read_buffer_size){
        $result = fread($this->context, $read_buffer_size);
        return $result;
    }

    public function stream_write($write_data){
        return fwrite($this->context, $write_data);
    }

    public function stream_eof(){
        return feof($this->context);
    }

    public function stream_close () {
        return fclose($this->context);
    }

    public function stream_flush () {
        return fflush($this->context);
    }

    public function url_stat ($path ,$flags ) {
        return $this->stream_stat();
    }

    /* These functions are not implemented in this example, not sure if 
     * any of them make sense in the context of an HTTPS request.
     * Including them as a reference for the other handler functions that
     * are possible to implement in custom stream handler classes.
     */

    /*
    public function dir_closedir() { echo 1; return true; }
    public function dir_opendir ($path , $options ) { echo 2; return true; }
    public function dir_readdir () { echo 3; return true; }
    public function dir_rewinddir () { echo 4; return true; }
    public function mkdir ($path ,$mode ,$options ) { echo 5; return true; }
    public function rename ($path_from ,$path_to ) { echo 6; return true; }
    public function rmdir ($path ,$options ) { echo 7; return true; }

    public function stream_cast ($cast_as ) { echo 8; return $this->resource; }
    public function stream_lock ($operation ) { echo 'A'; return true; }
    public function stream_metadata ($path ,$option , mixed $value ) { echo 'B'; return true; }
    public function stream_set_option ($option ,$arg1 ,$arg2 ) { echo 'C'; return true; }
    public function stream_truncate ($new_size ) { echo 'D'; return true; }

    public function unlink ($path ) { echo 'E'; return true; }
    */
}

I want to be clear that the above examples show how to get this to work, but is INSECURE. I am using this on a dev server, if I had to make this work in production I would use the CURLOPT_CAINFO option (see @Zenithies solution above).

Reference: https://www.php.net/manual/en/class.streamwrapper.php

Upvotes: 3

Zenithies
Zenithies

Reputation: 66

2nd one is nearly there.

I am quite sure that calling

echo curl_error($curl);

after curl's execution will give you: SSL certificate problem: unable to get local issuer certificate

Basically there are two ways to fix this -

Proper way

download cacert.pem file from https://curl.haxx.se/docs/caextract.html, save it somewhere where your script can reach it and add following line before curl_exec(); call

    // Add certification atuhority info
    curl_setopt($curl, CURLOPT_CAINFO, './path/to/cacert.pem'); 

Note, this won't work with self-signed SSL Certificates

Quick fix

You might want to make SSL checks 'loose'.

    // disable SSL checks
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);

Note, this method will work even with self-signed SSL Certificates, but doing so is considered insecure.

Upvotes: 2

Related Questions