图片上传安全性-使用GD重新处理 [英] Image upload security - reprocess with GD

问题描述

我听说处理上载图像的最佳方法是使用GD库对它们进行重新处理"并保存处理后的图像.请参阅: PHP图像上传安全性检查列表

我的问题是在GD中如何重新处理"?这到底是什么意思?我不太了解GD库，恐怕会把它弄乱了……

I've heard that the best way to handle uploaded images is to "re-process" them using the GD library and save the processed image. see: PHP image upload security check list

My question is how do this "re-processing" in GD? What this means exactly? I don't know the GD library very well and I'm afraid I will mess it up...

因此，如果以前曾做过此事的人能给我一个例子吗?

So if anyone who did this before could you give me an example for this?

(我知道，另一种选择是使用ImageMagick.对于ImageMagick，我在这里找到了答案:

(I know, another other option is to use ImageMagick. For ImageMagick I found an answer here: Remove EXIF data from JPG using PHP, but I can't use ImgMagick now. By the way.. removing EXIF data means completely recreate the image in this case?)
(I'm using Zend Framework if someone interested.)

推荐答案

如果用户上传JPEG文件，则可以执行以下操作来对其进行重新处理:

If the user uploads a JPEG file, you could do something like this to reprocess it:

$newIm = @imagecreatefromjpeg($_FILES['file']['tmp_name']);
if (!$newIm) {
    // gd could not create an image from the source
    // most likely, the file was not a valid jpeg image
}

然后您可以使用 imagedestroy()丢弃$newIm图片，并使用用户上传的文件，或从GD中保存图像并使用它.保存GD图像不是原始图像，可能会出现一些问题.

You could then discard the $newIm image using imagedestroy() and use the uploaded file from the user, or save out the image from GD and use that. There could be some issues with saving the GD image as it is not the original image.

另一种简单的方法是检查图像文件的头(前几个字节)以确保它是正确的.例如，所有JPEG文件都以0xff 0xd8开头.

Another simple method would be to check the header (first several bytes) of the image file to make sure it is correct; for example all JPEG files begin with 0xff 0xd8.

另请参见 imagecreatefromstring()，您也可以使用 getimagesize()可以对上传的图像进行类似的检查.

See also imagecreatefromstring(), and you can also use getimagesize() to run similar checks on the uploaded image.

这篇关于图片上传安全性-使用GD重新处理的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！