On 10/31/06, Ken Robinson <[EMAIL PROTECTED]> wrote:
>  Quick example (no error checking done...)
>  Main script
>  <?php
>    echo '<img src="tn.php?f=image.jpg">';
>  ?>
>
>  tn.php:
>  <?php
>     $image = exif_thumbnail($_GET['f'], $width, $height, $type);
>     header('Content-type: ' . image_type_to_mime_type($type));
>     echo $image;
>  ?>
>

I'm not sure what exif_thumbnail() would do with a non-image, but to
protect against $_GET['f'] == "../../../etc/passwd" you'd probably
better make that:

<?php
$imagesource = '/path/to/images';
$imagepath = $imagesource.'/'.$_GET['f'];
// strpos() returns an integer offset or false, never TRUE,
// so the match has to be tested with !== false.
if ( strpos( $imagepath, '..' ) !== false ) exit("No way.");
$image = exif_thumbnail( $imagepath, $width, $height, $type );
header('Content-type: ' .image_type_to_mime_type($type));
header('Content-length: '.strlen($image));
echo $image;
?>


-- 
Chris Snyder
http://chxo.com/
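
An added example, not part of the original thread: the same tn.php with the path check done on the canonical path rather than on the raw string, and with the exif_thumbnail() failure case handled. `resolve_image_path()` is a hypothetical helper name, and `/path/to/images` is the placeholder directory from the post above.

```php
<?php
// Hypothetical helper: returns the canonical path of $requested if it is a
// regular file inside $baseDir, or null otherwise.
function resolve_image_path(string $baseDir, $requested): ?string
{
    // Reject arrays (?f[]=x), empty values and embedded null bytes.
    if (!is_string($requested) || $requested === ''
        || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks, and returns false when the
    // target does not exist, so nothing unresolved reaches the comparison.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Compare against the base plus a trailing separator, so that a sibling
    // such as /path/to/images-private does not pass as /path/to/images.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

$path = resolve_image_path('/path/to/images', $_GET['f'] ?? null);
if ($path === null) {
    http_response_code(404);
    exit;
}

// exif_thumbnail() returns false for a non-image or an image with no
// embedded thumbnail; @ keeps its warning out of the response body.
$image = @exif_thumbnail($path, $width, $height, $type);
if ($image === false) {
    http_response_code(404);
    exit;
}

header('Content-Type: ' . image_type_to_mime_type($type));
header('Content-Length: ' . strlen($image));
echo $image;
```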