At 01:43 07.01.2003, Rickard Andersson wrote:
getimagesize() blindly trusts the width and height specified in the header
of gifs. You can just hexedit the file and set the width and height to any
value and getimagesize() will believe that is the "true size" of the image.
Even worse - Internet Explorer ignores the width and height in the header
and thus it is possible to, for instance, upload a much larger image in an
upload form that uses getimagesize() than what is allowed. I believe
getimagesize() should just skip the header and read the size from the
beginning of the "Image Block".
The advantage is that this would retrieve the correct size even for gifs
with multiple images. On the other hand the disadvantage is speed loss.

I'd be glad to write a patch for image.c (function php_handle_gif()), but I
thought I should ask you guys first. I wouldn't want to do it in vain. As it
is now I've got PHP code that checks this for me to prevent "malicious"
users from uploading huge avatars in my forum software.

Your scenario described above seems like a reason to accept the
speed loss. So send a unified patch and we will have a look at it.

regards
marcus


--
PHP Development Mailing List <http://www.php.net/>
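
The comparison discussed in this thread, as an added example (not code from the thread or from PHP's image.c): it reads the size from the GIF header and from every image descriptor, so the two can be checked against each other. The names gif_dims and gif_scan_dims are hypothetical, and sample_gif is constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical result type: header size vs. largest frame extent. */
typedef struct { unsigned hdr_w, hdr_h, img_w, img_h; } gif_dims;
static unsigned le16(const uint8_t *p) { return p[0] | (p[1] << 8); }

/* Constructed sample: header claims 1x1, the single frame is 2000x1500. */
static const uint8_t sample_gif[] = {
    'G','I','F','8','9','a', 1,0, 1,0, 0x80,0,0, 0,0,0, 255,255,255,
    0x2C, 0,0, 0,0, 0xD0,0x07, 0xDC,0x05, 0, 2, 2,0x4C,0x01, 0, 0x3B };

/* Skip a chain of data sub-blocks (length byte + data, ended by length 0). */
static int skip_sub_blocks(const uint8_t *b, size_t n, size_t *pos) {
    while (*pos < n) {
        size_t len = b[(*pos)++];
        if (len == 0) return 0;
        if (len > n - *pos) return -1;
        *pos += len;
    }
    return -1;
}

/* Returns 0 on success, -1 if the data is malformed or contains no frame. */
int gif_scan_dims(const uint8_t *b, size_t n, gif_dims *d) {
    size_t pos = 13;
    if (n < 13 || (memcmp(b, "GIF87a", 6) && memcmp(b, "GIF89a", 6))) return -1;
    memset(d, 0, sizeof *d);
    d->hdr_w = le16(b + 6); d->hdr_h = le16(b + 8);   /* size the header claims */
    if (b[10] & 0x80) pos += 3u << ((b[10] & 7) + 1); /* global colour table */
    while (pos < n) {
        uint8_t tag = b[pos++];
        if (tag == 0x3B) return (d->img_w && d->img_h) ? 0 : -1;  /* trailer */
        if (tag == 0x21) {                   /* extension: label + sub-blocks */
            if (pos++ >= n || skip_sub_blocks(b, n, &pos)) return -1;
        } else if (tag == 0x2C) {            /* image descriptor of one frame */
            if (n - pos < 10) return -1;
            unsigned right  = le16(b + pos) + le16(b + pos + 4);     /* left + width */
            unsigned bottom = le16(b + pos + 2) + le16(b + pos + 6); /* top + height */
            if (right > d->img_w) d->img_w = right;
            if (bottom > d->img_h) d->img_h = bottom;
            uint8_t flags = b[pos + 8];
            pos += 10;              /* 9 descriptor bytes + LZW minimum code size */
            if (flags & 0x80) pos += 3u << ((flags & 7) + 1); /* local colour table */
            if (pos > n || skip_sub_blocks(b, n, &pos)) return -1;
        } else return -1;
    }
    return -1;                      /* data ended before the trailer */
}
```

An upload check would compare img_w and img_h against its limit, or reject a file outright when they disagree with hdr_w and hdr_h.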