Marcus Börger schrieb: > At 01:43 07.01.2003, Rickard Andersson wrote: > >getimagesize() blindly trusts the width and height > >specified in the header > >of gifs. You can just hexedit the file and set the width > >and height to any > >value and getimagesize() will believe that is the "true > >size" of the image. > >Even worse - Internet Explorer ignores the width and > >height in the header
> >I'd be glad to write a patch for image.c (function > >php_handle_gif()), but I > >though I should ask you guys first. I wouldn't want to > >do it in vain. As it > >is now I've got PHP code that checks this for me to > >prevent "malicious" > >users from uploading huge avatars in my forum software. > > Your scenario described above seems like a reason to > accept the the > speed loss. So send an unified patch and we will have a > look on it. Marcus: could you specify the speed loss? If it's noticeable I would rather suggest to either introduce a new function or another parameter to getimagesize(), no matter what the default is (e.g. let getimagesize() get the "real" size and introduce something like getimagesize_fast()) or the other way around. Regards, Sebastian Nohn -- [EMAIL PROTECTED] - http://nohn.net/ -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
