According to Secure User Image Upload Capabilities in PHP, the recommended way is to manage images uploading’s security is to copy the incoming image with GD/ImageMagick/… (and set it with a random name).
Ok. I have the following questions.
1st.
In our page we have the possibility of cropping the image. So:
- First we download the image uploaded by the user, saving it in temp with a random name.
- Then we load it in our view so user can crop it.
- The image cropped is created with GD.
Is it risky to load the image without having processed with GD first?
2nd
Is process the image with GD enough? I’ve seen this answer: Block upload of executable images (PHP)
which says is not (in opposite to the first link and other answers I’ve seen on topic).
Thanks!
PS: Programming with Codeigniter.
1st:
That should be good enough. Make sure that the images are only temporarily accessible and are deleted right after everything is done (I would probably also set up a cron job to clean the temporary image directory every so often, but that depends where you store it). As said in the answer you posted, remember to sanitize name and also make sure you have correctly set permissions. Also beware of null byte injection and directory traversal (again just repeating the answer you mentioned).
I would then check whether the image is valid by using
getimagesizeto ensure it’s an actual image and that’s about it.There are also client side html5 solutions, where you evade this problem completely, but of course it means that it won’t work with older browsers.
And of course don’t trust what the content type it says it is.
2nd:
Yes I would have thought, first try
getimagesize, if you get valid then process with GD. Optionally you can also whitelist extensions, if that’s something you are not doing.