Image upload security - reprocess with GD


Question

I've heard that the best way to handle uploaded images is to "re-process" them using the GD library and save the processed image. See: PHP image upload security check list

My question is how to do this "re-processing" in GD? What does this mean exactly? I don't know the GD library very well and I'm afraid I will mess it up...

So if anyone has done this before, could you give me an example?

(I know another option is to use ImageMagick. For ImageMagick I found an answer here: Remove EXIF data from JPG using PHP, but I can't use ImageMagick now. By the way, does removing EXIF data mean completely recreating the image in this case?)
(I'm using Zend Framework, if anyone is interested.)

Recommended answer

If the user uploads a JPEG file, you could do something like this to reprocess it:

$newIm = @imagecreatefromjpeg($_FILES['file']['tmp_name']);
if (!$newIm) {
    // gd could not create an image from the source
    // most likely, the file was not a valid jpeg image
}

You could then discard the $newIm image using imagedestroy() and use the uploaded file from the user, or save out the image from GD and use that. There could be some issues with saving the GD image as it is not the original image.

Another simple method would be to check the header (first several bytes) of the image file to make sure it is correct; for example all JPEG files begin with 0xff 0xd8.

See also imagecreatefromstring(), and you can also use getimagesize() to run similar checks on the uploaded image.
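
One way to do the re-processing described in the answer above, combining the header check, getimagesize() and a GD decode and re-encode. This is an added example, not part of the original answer; the helper name reprocessJpegUpload(), the uploads directory and the 5000-pixel limit are assumptions.

```php
<?php
// Added example: reprocess an uploaded JPEG with GD and keep only the re-encoded copy.
// reprocessJpegUpload(), $destDir and the 5000px limit are assumptions for illustration.

function reprocessJpegUpload(string $tmpPath, string $destDir, int $maxSide = 5000): string
{
    // 1. Header check: every JPEG starts with 0xff 0xd8.
    $head = file_get_contents($tmpPath, false, null, 0, 2);
    if ($head !== "\xff\xd8") {
        throw new RuntimeException('Not a JPEG (bad header)');
    }

    // 2. getimagesize() reads the image headers without decoding pixel data.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        throw new RuntimeException('Not a JPEG (getimagesize)');
    }
    // Reject huge dimensions before GD allocates memory for them.
    if ($info[0] > $maxSide || $info[1] > $maxSide) {
        throw new RuntimeException('Image dimensions too large');
    }

    // 3. Full decode; fails if the file is not a valid JPEG.
    $im = @imagecreatefromjpeg($tmpPath);
    if (!$im) {
        throw new RuntimeException('GD could not decode the image');
    }

    // 4. Re-encode into a new file with a server-chosen name and extension.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.jpg';
    $ok = imagejpeg($im, $dest, 90);
    imagedestroy($im); // no effect on PHP 8.0+, where the image is freed automatically
    if (!$ok) {
        throw new RuntimeException('Could not write re-encoded image');
    }
    return $dest; // the original upload is never moved into $destDir
}

// Usage in an upload handler (field name 'file' as in the answer above).
if (isset($_FILES['file']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
    try {
        $saved = reprocessJpegUpload($_FILES['file']['tmp_name'], __DIR__ . '/uploads');
    } catch (RuntimeException $e) {
        http_response_code(400); // reject anything GD cannot decode as a JPEG
    }
}
```

The saved file is a fresh encoding of the decoded pixels, so metadata such as EXIF is not carried over, and because JPEG is lossy the result is not byte-identical to what the user uploaded.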
