duanbing8817 2012-05-12 22:02
浏览 44
已采纳

通过php下载远程图像(安全)

PHP:

Any ideas where I could find a script similar to what stackoverflow uses? Or would it be easy to make something like that myself? I'm sure downloading the image is not a problem, but I'm more worried about security. I'm building an user avatar upload/remote upload system.

Jquery:

The reason I added jquery to the tags, perhaps it is possible to let the user point the URL of the image and somehow upload it via the normal file upload input himself (without having to manually download the image to the computer first)

  • 写回答

1条回答 默认 最新

  • duanluo5096 2012-05-12 22:05
    关注

    You can use cURL to download the image and then use getimagesize() to check whether it's actually an image - for security purposes.

    <?php
$limit = 1024*1024*10 // Max. file size in bytes (1024*1024*10 = 10MB)
$ch = curl_init();

$fh = fopen('image.jpg', 'w'); 

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FILE, $fh);
curl_setopt($ch, CURLOPT_RANGE, '0-' . $limit);

curl_exec($ch);

curl_close($ch);

if ($image = getimagesize ("image.jpg")) { 
     // It's an image
}
else { 
     // Not an image; delete!
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 请问有会的吗,用MATLAB做
  • ¥15 phython如何实现以下功能?查找同一用户名的消费金额合并—
  • ¥15 ARIMA模型时间序列预测用pathon解决
  • ¥15 孟德尔随机化怎样画共定位分析图
  • ¥18 模拟电路问题解答有偿速度
  • ¥15 CST仿真别人的模型结果仿真结果S参数完全不对
  • ¥15 误删注册表文件致win10无法开启
  • ¥15 请问在阿里云服务器中怎么利用数据库制作网站
  • ¥60 ESP32怎么烧录自启动程序,怎么查看客户esp32板子上程序及烧录地址
  • ¥50 html2canvas超出滚动条不显示