Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter General Help File Uploader Image Security
File Uploader Image Security
  • Offline AlanDev
    Newbie
  • *
  • Posts: 3
    Threads: 2
    Joined: May 2016
    Reputation: 0
#1
03-20-2018, 06:50 AM

Hi all,


Does the file uploader class perform all the necessary security checks to verify that a file is an image such as checking the actual first 20 or so bytes of the file, etc? 


Note: I already know about changing the file name, adding htaccess to the upload folder to prevent php scripts from running, etc.  This is about verifying the actual image itself as being an image.

Thanks,

Alan
Reply
  • Offline php_rocs
    Administrator
  • *******
  • Posts: 1,392
    Threads: 79
    Joined: Jun 2016
    Reputation: 72
#2
03-20-2018, 07:37 AM

Check out the documentation: https://www.codeigniter.com/user_guide/l...ght=upload
Reply
  • Offline skunkbad
    Senior Citizen
  • *****
  • Posts: 1,300
    Threads: 63
    Joined: Oct 2014
    Reputation: 86
#3
03-20-2018, 08:23 AM

(03-20-2018, 06:50 AM)AlanDev Wrote: ... adding htaccess to the upload folder to prevent php scripts from running ...

I've not seen this one. What does that look like?

If you browse the code in the upload library, I think you'll find it handles even more than you thought it would.
Expert Website Development - Temecula, CA
Community Auth For CodeIgniter 3
Reply
  • Offline ivantcholakov
    Senior Member
  • ****
  • Posts: 668
    Threads: 17
    Joined: Oct 2014
    Reputation: 37
Reply
  • Offline Narf
    Me
  • *******
  • Posts: 1,589
    Threads: 1
    Joined: Oct 2014
    Reputation: 121
#5
03-20-2018, 06:01 PM

(03-20-2018, 05:58 PM)ivantcholakov Wrote: https://github.com/bcit-ci/CodeIgniter/b...d.php#L806

Should've pointed to this instead:

https://github.com/bcit-ci/CodeIgniter/b....php#L1206
Reply




Theme © iAndrew 2016 - Forum software by © MyBB