100% 安全的照片上传脚本 [英] 100% safe photo upload script

问题描述

问题很简单.如何使用 php 制作 100% 安全的照片上传脚本?是否有任何教程可以显示所有可能的安全漏洞?

Question is simple. How can I make 100% safe photo upload script with php? Is there any tutorials which shows all possible safeness's gaps?

不要让我看这个问题，因为他们只谈论大小.但我想确定的是，没有人可以上传 shell 和其他东西.因为它是一个大网站，需要 100% 安全的照片上传脚本.

Do not offer me to look at this question, because there they talk only about size. But I want to be sure, that nobody can upload shell and other stuff. Because it's a big website which need 100% safe photo upload script.

或者我应该允许会员将图片上传到像 imagehack 这样的容器并将他们的链接复制到我的网站?我想它是 100% 安全的，对吗?

or maybe I should allow members to upload pics to receptacles like imageshack and copy their link to my website? I guess it is 100% safe, right?

推荐答案

其实很简单.通过已知安全的图像过滤器运行所有上传的图像.如果它返回不是图像错误"，那么您就有恶作剧了.(一个简单的例子是身份转换，或 JPEG 质量标准化技术.)重要的一点是，实际上使用过滤器的输出，而不是原始文件.

It's really rather simple. Run all uploaded images through an image filter that is known to be safe. If it kicks back with a "Not an image error", you have shenanigans. (A simple example would be an identity transform, or a JPEG quality normalization technique.) An important point, tho', is to actually use the output from the filter, not the original file.

这篇关于100% 安全的照片上传脚本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！