Re: [PHP] security of uploaded gif files

2006-01-22 Thread PHP Superman
i think you guys are talking about the using the gd library, it may be possible so when you upload check for any php code or other data On 1/22/06, Rory Browne [EMAIL PROTECTED] wrote: I'd be a bit skeptical about the possibly of embedding PHP code inside a GIF file. Could you outline how he

Re: [PHP] security of uploaded gif files

2006-01-22 Thread Mark Krenz
Perhaps this would be a problem if you wrote a PHP program to reverse stenography on images it receives and execute them. ;-) On Sun, Jan 22, 2006 at 10:58:37AM GMT, Rory Browne [EMAIL PROTECTED] said the following: I'd be a bit skeptical about the possibly of embedding PHP code inside a

Re: [PHP] security of uploaded gif files

2006-01-22 Thread tedd
i think you guys are talking about the using the gd library, it may be possible so when you upload check for any php code or other data On 1/22/06, Rory Browne [EMAIL PROTECTED] wrote: I'd be a bit skeptical about the possibly of embedding PHP code inside a GIF file. Could you outline how he

Re: [PHP] security of uploaded gif files

2006-01-22 Thread Sameer N Ingole
Rory Browne wrote: I'd be a bit skeptical about the possibly of embedding PHP code inside a GIF file. Could you outline how he performed the task? On 1/22/06, jonathan [EMAIL PROTECTED] wrote: what is the best way to prevent malicious code from being uploaded via a .gif file? A friend

Re: [PHP] security of uploaded gif files

2006-01-22 Thread PHP Superman
sorry guys if i'm wrong, but ?php header(Content-type: image/png); $im = imagecreate(1, 1) or die(Cannot Initialize new GD image stream); $background_color = imagecolorallocate($im, 252, 255, 255); $text_color = imagecolorallocate($im, 233, 14, 91); imagestring($im, 1000,

Re: [PHP] security of uploaded gif files

2006-01-22 Thread jonathan
this is a little my fault. the example my friend showed me was a retracing of the example he saw in Pro PHP Security (p284). Basically, the short of the example is that a valid gif image could be uploaded with the extension .php and pass a getimagesize because it would have the necessary

Re: [PHP] security of uploaded gif files

2006-01-22 Thread Rory Browne
Or put it in a directory with no PHP or CGI. On 1/22/06, jonathan [EMAIL PROTECTED] wrote: this is a little my fault. the example my friend showed me was a retracing of the example he saw in Pro PHP Security (p284). Basically, the short of the example is that a valid gif image could be

[PHP] security of uploaded gif files

2006-01-21 Thread jonathan
what is the best way to prevent malicious code from being uploaded via a .gif file? A friend showed me how php could be embedded within the .gif file. Does this problem also exist for .jpeg's? thanks, jon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: