I'd use GD, it may save a bit of time.
Good point Ma'moon
On 3 December 2010 09:34, Ma'moon <phpirate@gmail.com> wrote:
Am sorry, i mean to say "From Users Side" :)
And no, am not using any plugins for that, i have my own implementation for file upload in CakePHP, basically you would do something like:
exec('convert input_file_path output_file_path');
in order to convert an image, you can also use imagemagick driver if you have it compiled with your PHP installation http://php.net/manual/en/book.imagick.php or you may also use GD functions to perform this task
On Fri, Dec 3, 2010 at 11:26 AM, netusco <ernestconill@gmail.com> wrote:Why the ones uploaded from my side? And do you use a cakephp plugin
On Dec 3, 8:48 am, "Ma'moon" <phpir...@gmail.com> wrote:
> You can easily remove the threat by using an image conversion, i use
> `convert` to convert my images to a standard image type, the conversion
> process changes the physical content of the uploaded file and destroys all
> the threat that it might contain while maintaining the valid images if they
> were valid from the first place!, its very important to `convert` the images
> specially the ones uploaded from your side!
>
for that?
> On Fri, Dec 3, 2010 at 6:15 AM, cricket <zijn.digi...@gmail.com> wrote:
> > On Thu, Dec 2, 2010 at 8:25 PM, euromark <dereurom...@googlemail.com>
> > wrote:> > Check out the new CakePHP Questions sitehttp://cakeqs.organd help others
> > > Did anyone try this?
> > >http://wafful.org/2007/08/04/php-code-in-gif-image-file/
>
> > > I am wondering if miles uploader script or any other uploader plugin
> > > is aware of that risk yet.
> > > Or how dangerous this actually is for "normal" cake apps.
>
> > > Anyone happen to have such a "bad" image at hand?
> > > Drop me a line and I will report back with details.
>
> > > I think <?php phpinfo();?> would be a good script to include
>
> > I never did look into that further to see if there's something that
> > can easily be done to catch those. But I've never been too concerned,
> > either. Notice that the code embedded in the image is triggered
> > because the file is included inside a PHP script. The only other way
> > that I know of to use this exploit is to upload an image named
> > something.gif.php. I always check both the extension and file type. If
> > there's something I'm missing, though, I'd like to hear more.
>
> > with their CakePHP related questions.> > cake-php+unsubscribe@googlegroups.com<cake-php%2Bunsubscribe@googlegroups.com>For more options, visit this group at
>
> > You received this message because you are subscribed to the Google Groups
> > "CakePHP" group.
> > To post to this group, send email to cake-php@googlegroups.com
> > To unsubscribe from this group, send email to
> >http://groups.google.com/group/cake-php?hl=en
Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions.
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions.
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
--
Kind Regards
Stephen @ NinjaCoderMonkey
www.ninjacodermonkey.co.uk
Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions.
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
No comments:
Post a Comment