Edit report at http://bugs.php.net/bug.php?id=18052&edit=1
ID: 18052
Updated by: johan...@php.net
Reported by: arpen at home dot se
Summary: getimagesize() should not trust the header info in
gifs
-Status: Open
+Status: Bogus
Type: Feature/Change Request
-Package: Feature/Change Request
+Package: *General Issues
Operating System: Linux
PHP Version: 4.2.1
Block user comment: N
Private report: N
New Comment:
use imagefromgif() or similar for correct info. getimagesize is a quick
check.
Previous Comments:
------------------------------------------------------------------------
[2002-06-28 16:23:00] arpen at home dot se
Oh, ok. My bad. I just figured it was a bug since getimagesize() can't
determine the correct size.
------------------------------------------------------------------------
[2002-06-28 16:12:57] der...@php.net
Not a bug... making it a feature request
------------------------------------------------------------------------
[2002-06-28 16:09:39] arpen at home dot se
This is, as far as I know, "reproduceable" in all PHP versions and on on
plattforms.
------------------------------------------------------------------------
[2002-06-28 15:27:23] arpen at home dot se
getimagesize() blindly trusts the width and height specified in the
header of gifs. You can just hexedit the file and set the width and
height to any value and getimagesize() will believe that is the "true
size" of the image. Even worse - Internet Explorer ignores the width and
height in the header and thus it is possible to, for instance, upload a
much larger image in an upload form that uses getimagesize() than what
is allowed. I believe getimagesize() should just skip the header and
read the size from the beginning of the "Image Block".
http://www.goice.co.jp/member/mo/formats/gif.html
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=18052&edit=1
