CodeIgniter Forums
File Uploader Image Security - Printable Version



File Uploader Image Security - AlanDev - 03-20-2018

Hi all,


Does the file uploader class perform all the necessary security checks to verify that a file is an image, such as checking the actual first 20 or so bytes of the file, etc.?


Note: I already know about changing the file name, adding htaccess to the upload folder to prevent php scripts from running, etc.  This is about verifying the actual image itself as being an image.

Thanks,

Alan


RE: File Uploader Image Security - php_rocs - 03-20-2018

Check out the documentation: https://www.codeigniter.com/user_guide/libraries/file_uploading.html?highlight=upload


RE: File Uploader Image Security - skunkbad - 03-20-2018

(03-20-2018, 06:50 AM)AlanDev Wrote: ... adding htaccess to the upload folder to prevent php scripts from running ...

I've not seen this one. What does that look like?

If you browse the code in the upload library, I think you'll find it handles even more than you thought it would.


RE: File Uploader Image Security - ivantcholakov - 03-20-2018

https://github.com/bcit-ci/CodeIgniter/blob/3.1.7/system/libraries/Upload.php#L806


RE: File Uploader Image Security - Narf - 03-20-2018

(03-20-2018, 05:58 PM)ivantcholakov Wrote: https://github.com/bcit-ci/CodeIgniter/blob/3.1.7/system/libraries/Upload.php#L806

Should've pointed to this instead:

https://github.com/bcit-ci/CodeIgniter/blob/3.1.7/system/libraries/Upload.php#L1206
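
As an added example (not part of the thread and not CodeIgniter's own code), here is one way to do the content-based check the first post asks about: compare the leading bytes against known image signatures, then require both the fileinfo extension and `getimagesize()` to agree. The function name, the allow-list and the two sample files are assumptions constructed for illustration; the fileinfo extension is assumed to be enabled.

```php
<?php
// Added example, not CodeIgniter's code; names and allow-list are hypothetical.
const IMAGE_SIGNATURES = [
    'image/jpeg' => ["\xFF\xD8\xFF"],
    'image/png'  => ["\x89PNG\r\n\x1A\n"],
    'image/gif'  => ['GIF87a', 'GIF89a'],
];

/** Returns the verified MIME type, or null when any check fails. */
function detect_uploaded_image(string $path): ?string
{
    // 1. The leading bytes must match a signature on the allow-list.
    $head = file_get_contents($path, false, null, 0, 8);
    if ($head === false) {
        return null;
    }
    $bySignature = null;
    foreach (IMAGE_SIGNATURES as $mime => $magics) {
        foreach ($magics as $magic) {
            if (strncmp($head, $magic, strlen($magic)) === 0) {
                $bySignature = $mime;
                break 2;
            }
        }
    }
    if ($bySignature === null) {
        return null;
    }
    // 2. libmagic (fileinfo) must report the same type from the content.
    $byFinfo = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    // 3. PHP's image header parser must accept the file and agree as well.
    $info = @getimagesize($path);
    if ($byFinfo !== $bySignature || $info === false || $info['mime'] !== $bySignature) {
        return null; // any disagreement: treat the upload as not an image
    }
    return $bySignature;
}

// Constructed samples: a 1x1 GIF and a text file posing as an image.
$gif = tempnam(sys_get_temp_dir(), 'img');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'img');
file_put_contents($txt, "plain text saved with an image extension\n");

var_dump(detect_uploaded_image($gif)); // accepted sample
var_dump(detect_uploaded_image($txt)); // rejected sample
unlink($gif);
unlink($txt);
```

These checks cover only the file's header and basic structure, and a file that passes them can still carry extra data after the image content. The renaming and no-execution measures mentioned in the first post still apply.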