如何验证图像文件上传

如何验证图像文件上传

本文介绍了安全性:如何验证图像文件上传?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我需要接受用户上传的图像文件.

I need to accept image file uploads from the users.

如何检查并100%确保没有恶意文件或其他东西?

How can I check and be 100% sure that I don't get a malicious file or something?

检查MIME类型?重新绘制图像?防病毒?

Check the mime type? Re-draw the image? Anti-virus?

推荐答案

重新绘制图像,并使用 GD imagecreatefromXXX()并用imageXXX()

Redraw the image, read it up with GD's imagecreatefromXXX() and save it back with imageXXX()

通过这种方式,您还可以将其缩放到更方便的大小,并控制带宽消耗.

This way you can also scale it to more convenient sizes and keep bandwidth consumption in check.

为节省计算能力,请拒绝上传大于特定限制的文件.

To save on computing power, deny upload to files bigger than a certain limit.

根据限制,5兆或10兆应该没事.

5megs or 10megs should be fine, as limits go.

保持GD更新,并要警惕(显然是7年前) 在处理 PNG图片

Keep GD updated, and be wary that (7 years ago, apparently) it used to sport buffer overflows in the handling of PNG images

最后的警告:在Windo(w)s convert也是用于格式化硬盘的命令,因此如果您要消除歧义,请花点力气.部署.

Last note of warning: on Windo(w)s convert is also a command used to format hard disk, so put some effort into removing abiguities if you deploy on that.

这篇关于安全性:如何验证图像文件上传?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!