The question is simple. How can I make a 100% safe photo upload script with PHP? Are there any tutorials which show all possible safety gaps?
Do not offer me to look at this question, because there they talk only about size. But I want to be sure that nobody can upload a shell and other stuff, because it’s a big website which needs a 100% safe photo upload script.
Edit: Or maybe I should allow members to upload pics to receptacles like ImageShack and copy their link to my website? I guess it is 100% safe, right?
It’s really rather simple. Run all uploaded images through an image filter that is known to be safe. If it kicks back with a “Not an image” error, you have shenanigans. (A simple example would be an identity transform, or a JPEG quality normalization technique.) An important point, tho’, is to actually use the output from the filter, not the original file.
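
A sketch of the re-encoding approach the answer above describes, added here as an example and not code from the original post. It assumes PHP with the GD extension; the function name `store_reencoded_image`, the form field `photo`, the pixel limit and the upload directory are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: decodes an upload with GD, re-encodes it as JPEG,
// and returns the path of the re-encoded copy. The original file is never kept.
function store_reencoded_image(string $tmpPath, string $destDir, int $maxPixels = 25000000): string
{
    // Only accept files PHP itself received through an HTTP POST upload.
    if (!is_uploaded_file($tmpPath)) {
        throw new RuntimeException('Not an uploaded file');
    }

    // Read the header first so oversized images are rejected before a full decode.
    $info = @getimagesize($tmpPath);
    $allowed = [IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF];
    if ($info === false || !in_array($info[2], $allowed, true)) {
        throw new RuntimeException('Not an image');
    }
    if ($info[0] * $info[1] > $maxPixels) {
        throw new RuntimeException('Image dimensions too large');
    }

    // Full decode: this is the "filter". Anything GD cannot parse is rejected.
    $src = @imagecreatefromstring((string) file_get_contents($tmpPath));
    if ($src === false) {
        throw new RuntimeException('Not an image');
    }

    // Copy the pixels onto a fresh canvas so only decoded pixel data is carried
    // over; metadata and any bytes appended to the original file are dropped.
    $w = imagesx($src);
    $h = imagesy($src);
    $out = imagecreatetruecolor($w, $h);
    imagefill($out, 0, 0, (int) imagecolorallocate($out, 255, 255, 255));
    imagecopy($out, $src, 0, 0, 0, 0, $w, $h);

    // Server-chosen name and extension; the client-supplied filename is never used.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.jpg';
    if (!imagejpeg($out, $dest, 85)) {
        throw new RuntimeException('Re-encode failed');
    }
    return $dest;
}

// Usage with a hypothetical form field and directory.
if (isset($_FILES['photo']) && $_FILES['photo']['error'] === UPLOAD_ERR_OK) {
    $stored = store_reencoded_image($_FILES['photo']['tmp_name'], '/var/www/uploads');
}
```

The upload directory should also be configured so the web server never executes files from it.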