我可以“回声"吗?通过php而不处理它的.jpg图片? [英] Can I "echo" a .jpg image through php without processing it?
问题描述
想象一下:
<img src="/image.php?image=5.jpg" />
现在,在image.php
中:
header('content-type: image/jpeg');
$image = imagecreatefromjpeg($_GET['image']);
imagejpeg($image,NULL,100);
这有效,但是脚本通过这种方式加载图像,对其进行处理然后回显图像.无需处理图像就可以做到吗?
之所以要这样做,是因为我不想让人们知道图像的位置,因此我不想将完整路径写入img
src属性.
我只需要将原始图像发送到浏览器,而无需透露其真实位置.
是的,可以.只需 readfile
而不是imagecreatefromXXX
+ imagejpeg
.
header('Content-Type: image/jpeg');
$src = /* process $_GET['image'] to recover the path */;
readfile($src);
/* process $_GET['images'] to recover the path */
部分意味着您需要对输入进行任何清理,以避免有人请求禁止的文件.如果您的脚本输入是文件路径,则可能意味着从预定义的列表中进行检查,剥离可能的目录分隔符,对正则表达式进行检查等.另一种方法是将路径存储在数据库中,并将简单的id传递给脚本,然后使用它恢复文件路径.这可能是一个更好的主意,因为用户在脚本URL上看不到任何文件路径(如果您仅传递路径,人们实际上可以猜测文件在哪里,而这就是您要防止的东西).>
Imagine the following:
<img src="/image.php?image=5.jpg" />
Now, in image.php
:
header('content-type: image/jpeg');
$image = imagecreatefromjpeg($_GET['image']);
imagejpeg($image,NULL,100);
This works, but this way the script loads the image, processes it, then echoes it. Can this be done without processing the image?
The reason why I want to do it this way is that I don't want people to know where the images are located, therefore I don't want to write the full path into the img
src attribute.
I just need to send raw images to the browser, but without revealing their true location.
Yes, you can. Just readfile
instead of imagecreatefromXXX
+imagejpeg
.
header('Content-Type: image/jpeg');
$src = /* process $_GET['image'] to recover the path */;
readfile($src);
The /* process $_GET['images'] to recover the path */
part implies any sanitizing you need to do on the input to avoid that someone requests a forbidden file. If your script input is a file path, this may mean checking from a predefined list, stripping of possible directory separators, checking against a regex, etc. Another way would be to store paths inside a database and pass the script a simple id, and recover the file path with it. This might be a better idea, as users will see no mention of any file path on the script URL (if you just pass a path, people can actually guess where files are, and that's what you're trying to prevent).
这篇关于我可以“回声"吗?通过php而不处理它的.jpg图片?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!