How do I detect if the selected image for upload is a valid image?


Problem description

I'm implementing a script to validate an image for upload using PHP. Actually, the PHP script is working well with gif, png, and jpg image files, but I have one condition where:


  1. I took an image theFileName.bmp and renamed its extension to theFileName.jpg.
  2. Then I select the renamed one to upload.

I renamed the image file name manually on my computer and then I selected the file to upload.

The uploading process took around 2 or 3 seconds, then nothing showed up (not even an error); only the default message from the browser was displayed:


The connection to localhost was interrupted.

How can I prevent the user from selecting an image file (and any other file for that matter) which is not an actual valid image?

Finally, I managed to come up with my own solutions. It's a bit long but at least it can get the work done! Hope it might help someone.


  1. It helps prevent the user from uploading an unwanted mime-type.
  2. Prevents the user from using a text file with a renamed extension, and so on.
  3. Prevents the user from using a text file with a changed mime-type.
  4. Prevents a file that is unreadable.
  5. Prevents a file that contains an error.
  6. Prevents an upload that is not via HTTP.
  7. Prevents an image file with size width: 0, height: 0.
  8. There are still more things to validate and check in order to make sure it's safe by this means.

<?php
# CHECK & TRY READ IMAGE FILE
function is_readable_image( $theTmpFileloc ){
    try {
        if ( !getimagesize( $theTmpFileloc ) ){
            # THE IMAGE IS UNREADABLE
            return false;
        }
        # THE IMAGE IS READABLE
        return true;

    }catch( Throwable $e ){
        # THE IMAGE IS OTHER FILE
        # (Throwable ALSO COVERS Error SUBCLASSES, WHICH catch( Exception ) WOULD MISS)
        return false;
    }
}
# READ AND RETURN AN ARRAY OF IMAGE SIZES
function get_image_size( $theTmpFileloc ){
    $imageSizes = array();
    $tmpResults = getimagesize( $theTmpFileloc );

    # getimagesize() RETURNS FALSE FOR A NON-IMAGE, SO CHECK BEFORE INDEXING
    # IF EITHER WIDTH OR HEIGHT = 0, RETURN FALSE
    if ( $tmpResults === false || $tmpResults[0] == 0 || $tmpResults[1] == 0 ) {
        return false;
    }

    $imageSizes['width']  = $tmpResults[0];
    $imageSizes['height'] = $tmpResults[1];

    return $imageSizes;
}
# READ AND RETURN AN IMAGE ACTUAL MIMETYPE
function get_image_mime( $theTmpFileloc ){
    $tmpResults = getimagesize( $theTmpFileloc );
    # RETURN AN EMPTY STRING WHEN THE FILE IS NOT AN IMAGE
    $imageMime  = ( $tmpResults === false ) ? '' : $tmpResults['mime'];

    return $imageMime;
}

# START OF PHP TO VALIDATE IMAGE FILE
$resMessage = array();
if ( isset($_FILES['postImage']) && !empty($_FILES['postImage']['name']) ) {
    $tmpFileLoc      = $_FILES['postImage']['tmp_name'];
    $array_file_type = array('image/gif', 'image/png', 'image/x-png', 'image/jpeg', 'image/pjpeg');

    # ANY CODE OTHER THAN UPLOAD_ERR_OK MEANS THE UPLOAD FAILED
    if ( $_FILES['postImage']['error'] != UPLOAD_ERR_OK ) {
        # THE IMAGE FILE CONTAINS ERROR
        $resMessage['Error']        = true;

    }elseif ( !is_uploaded_file( $tmpFileLoc ) ) {
        # PREVENT FROM UPLOADING FROM EXTERNAL SOURCE NOT HTTP
        $resMessage['Error']        = true;

    }elseif ( !is_readable_image( $tmpFileLoc ) ) {
        # PREVENT FROM IMAGE IS INVALID OR OTHER MIMETYPE
        $resMessage['Error']        = true;

    }elseif ( !get_image_size( $tmpFileLoc ) ) {
        # PREVENT FROM IMAGE SIZE 0, 0 OR INVALID ACTUAL MIMETYPE
        $resMessage['Error']        = true;

    }elseif ( !in_array( get_image_mime( $tmpFileLoc ), $array_file_type) ) {
        # LEVEL 2 OF CHECKING AN IMAGE MIMETYPE
        $resMessage['Error']        = true;

    }else {
        # other checks with file extension, max_size, 
        # dir is_writable and so on then move to move_uploaded_file
    }   
}



Recommended answer

To give more security to your PHP script you should use getimagesize(). If it returns FALSE it is not an image. Also try to make sure that the file is not too small. In addition, you can use the GD library.

Sorry for delaying you. You should give us a good example next time LOL.
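
The answer's three suggestions (getimagesize(), a size check, and GD) combined in one function, as an added example that is not part of the original question or answer. It assumes PHP 8 with the GD extension; `ALLOWED`, `MAX_BYTES`, `MAX_SIDE` and `reencode_image()` are hypothetical names and limits.

```php
<?php
// Added example, not the poster's code. Assumes PHP 8 with the GD extension.
// ALLOWED, MAX_BYTES, MAX_SIDE and reencode_image() are hypothetical names and limits.
const ALLOWED   = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const MAX_BYTES = 5 * 1024 * 1024;
const MAX_SIDE  = 8000;

// Returns the path of a freshly encoded copy, or null when the file is rejected.
function reencode_image(string $src, string $destDir): ?string
{
    $bytes = @filesize($src);
    if ($bytes === false || $bytes === 0 || $bytes > MAX_BYTES) {
        return null;
    }
    // Header check: type and dimensions come from the content, not the name.
    $info = @getimagesize($src);
    if ($info === false || !array_key_exists($info['mime'], ALLOWED)) {
        return null;
    }
    [$w, $h] = $info;
    if ($w < 1 || $h < 1 || $w > MAX_SIDE || $h > MAX_SIDE) {
        return null;
    }
    // Full decode with GD: a valid header followed by a broken body fails here.
    $img = @imagecreatefromstring((string) file_get_contents($src));
    if ($img === false) {
        return null;
    }
    imagesavealpha($img, true); // keep PNG transparency
    // Store only the re-encoded pixels under a server-chosen name and extension.
    $ext  = ALLOWED[$info['mime']];
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    $ok = match ($ext) {
        'jpg' => imagejpeg($img, $dest, 90),
        'png' => imagepng($img, $dest),
        'gif' => imagegif($img, $dest), // first frame only for animated GIFs
    };
    return $ok ? $dest : null;
}

// Constructed sample input: a real 4x4 PNG and a text file renamed to .jpg.
$dir  = sys_get_temp_dir();
$real = "$dir/sample.png";
imagepng(imagecreatetruecolor(4, 4), $real);
$fake = "$dir/renamed.jpg";
file_put_contents($fake, "plain text with an image extension\n");

var_dump(reencode_image($real, $dir)); // the genuine PNG
var_dump(reencode_image($fake, $dir)); // the renamed text file
```

In an upload handler, pass `$_FILES['postImage']['tmp_name']` to it only after `is_uploaded_file()` succeeds. A BMP renamed to .jpg, the case in the question, stops at the header check because getimagesize() reports a BMP type that is not in `ALLOWED`.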
