My mistake, I forgot about GD.

I'd use GD, it may save a bit of time.

Good point Ma'moon

On 3 December 2010 09:34, Ma'moon <[email protected]> wrote:

> I'm sorry, I meant to say "From Users Side" :)
> And no, I'm not using any plugins for that, I have my own implementation for
> file upload in CakePHP, basically you would do something like:
> exec('convert input_file_path output_file_path');
> in order to convert an image, you can also use the ImageMagick driver if you
> have it compiled with your PHP installation
> http://php.net/manual/en/book.imagick.php or you may also use GD functions
> to perform this task
>
>
> On Fri, Dec 3, 2010 at 11:26 AM, netusco <[email protected]> wrote:
>
>>
>>
>> On Dec 3, 8:48 am, "Ma'moon" <[email protected]> wrote:
>> > You can easily remove the threat by using an image conversion, I use
>> > `convert` to convert my images to a standard image type, the conversion
>> > process changes the physical content of the uploaded file and destroys all
>> > the threat that it might contain while maintaining the valid images if they
>> > were valid in the first place! It's very important to `convert` the images,
>> > especially the ones uploaded from your side!
>> >
>>
>> Why the ones uploaded from my side? And do you use a cakephp plugin
>> for that?
>>
>>
>>
>>
>> > On Fri, Dec 3, 2010 at 6:15 AM, cricket <[email protected]> wrote:
>> > > On Thu, Dec 2, 2010 at 8:25 PM, euromark <[email protected]>
>> > > wrote:
>> > > > Did anyone try this?
>> > > > http://wafful.org/2007/08/04/php-code-in-gif-image-file/
>> >
>> > > > I am wondering if miles uploader script or any other uploader plugin
>> > > > is aware of that risk yet.
>> > > > Or how dangerous this actually is for "normal" cake apps.
>> >
>> > > > Anyone happen to have such a "bad" image at hand?
>> > > > Drop me a line and I will report back with details.
>> >
>> > > > I think <?php phpinfo();?> would be a good script to include
>> >
>> > > I never did look into that further to see if there's something that
>> > > can easily be done to catch those. But I've never been too concerned,
>> > > either. Notice that the code embedded in the image is triggered
>> > > because the file is included inside a PHP script. The only other way
>> > > that I know of to use this exploit is to upload an image named
>> > > something.gif.php. I always check both the extension and file type. If
>> > > there's something I'm missing, though, I'd like to hear more.
>> >
>> > > Check out the new CakePHP Questions site http://cakeqs.org and help
>> > > others with their CakePHP related questions.
>> >
>> > > You received this message because you are subscribed to the Google
>> > > Groups "CakePHP" group.
>> > > To post to this group, send email to [email protected]
>> > > To unsubscribe from this group, send email to
>> > > [email protected] For more options, visit this group at
>> > > http://groups.google.com/group/cake-php?hl=en
>>
>>
>
>



-- 
Kind Regards
 Stephen @ NinjaCoderMonkey

 www.ninjacodermonkey.co.uk
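
An added example, not part of the thread or any poster's code: one way to combine the GD re-encoding suggested above with the file-type check cricket describes, in PHP. `reencodeUpload()` and its parameters are hypothetical names; it assumes the GD extension and a destination directory from which the web server does not execute PHP.

```php
<?php
// Added example; reencodeUpload() and its parameters are hypothetical names.
function reencodeUpload(string $tmpPath, string $destDir, int $maxPixels = 25000000): string
{
    // Decide the type from the file's bytes, never from the client-supplied
    // name or MIME type, so a name like something.gif.php is ignored entirely.
    $info = @getimagesize($tmpPath);
    if ($info === false) {
        throw new RuntimeException('Not a recognisable image');
    }
    if (!in_array($info[2], [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG], true)) {
        throw new RuntimeException('Unsupported image type');
    }
    // Reject oversized dimensions before decoding to limit memory use.
    if ($info[0] * $info[1] > $maxPixels) {
        throw new RuntimeException('Image dimensions too large');
    }

    // Decode to a pixel buffer; bytes appended after the image data are
    // not part of the decoded picture.
    $img = @imagecreatefromstring(file_get_contents($tmpPath));
    if ($img === false) {
        throw new RuntimeException('Image could not be decoded');
    }

    // Server-chosen random name and a fixed extension: nothing taken from
    // the upload ends up in the stored path.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.png';
    if (!imagepng($img, $dest)) {
        throw new RuntimeException('Could not write re-encoded image');
    }
    return $dest;
}

// Constructed sample input: a small GIF generated with GD, with the
// phpinfo() snippet from the thread appended after the image data.
$tmp = tempnam(sys_get_temp_dir(), 'up');
imagegif(imagecreatetruecolor(8, 8), $tmp);
file_put_contents($tmp, '<?php phpinfo();?>', FILE_APPEND);

$stored = reencodeUpload($tmp, sys_get_temp_dir());
echo 'input contains PHP tag:  ';
var_dump(strpos(file_get_contents($tmp), '<?php') !== false);
echo 'output contains PHP tag: ';
var_dump(strpos(file_get_contents($stored), '<?php') !== false);
unlink($tmp);
unlink($stored);
```

Re-encoding should not be the only control: the server-chosen name, the fixed extension and a storage directory that never executes PHP are what keep an uploaded file from being run or included as code.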

