How To Block Fake image Files

See all posts See thread Reply

Re: How To Block Fake image Files new!
by colin, 15 years ago
As I say above, you need to have a least one MIME type detection method that works on your server. Either Fileinfo, either unix file, either mime.magic. You may want to use getimagesize() as you indicate, but it is not reliable.

If your server cannot detect MIME types, then you will have to trust the browser, and will not be able to stop malicious files being renamed as pictures for instance.

What operating system are you using? On Unix and MacOS, you should have the file command working. Or you can install the PECL extension Fileinfo. Note that I am not supporting the class when used on Windows.Reply