如何判断URL是否指向图像？

I have a php page with a text input where the user is supposed to paste a remote URL of an image, and I will have to store it in the server and display it to the user. Now the problem is, I don't trust a user will always provide a proper image url, and I don't want them to upload a pdf or other file, or a huge, few gb worth of file. Now I can check the extension, but that isn't very helpful, and I hear I can check the mime-type, but I don't know how I can open the file once and check all the validations like mime-type and file size in one go, and then copy the file over. Moreover, since the file will be pretty much served as it is(with a minor name change), I would like to know if it is possible to make sure that the file doesn't have any injected virus or problematic code.

Any suggestions appreciated.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

3条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
doufubian3479 2013-04-16 17:35
关注
Well there are really multiple things that can be done here. I would suggest using cURL as your mechanism for transferring the file (rather than file_get_contents() or similar). The reason for this is that you can first send a HEAD request against the resource to just get the header information before committing to actually download it. From the headers, you should be able to evaluate the file name, file size, mime-type information, etc. Note that NONE of this information should be trusted, but it at least gives you a sanity check before committing to the file download.

Once you have done the sanity check, you can download the file into a local snadbox directory. This should not be a web-accessible directory. You could use exif_imagetype() to determine if the file is indeed an image of the type you are interested in.

Assuming this all looks good, I would just do the last bit of cleanup-and renaming in GD library (perhaps use imagecreatefrom*() functions to make final image from the temp download file).

本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(2条)

报告相同问题？

关注问题

如何判断URL是否指向图像？ php
2013-04-16 17:19

回答 3 已采纳 Well there are really multiple things that can be done here. I would suggest using cURL as your m
如何使用php从xml值下载url中的图像？ php xml
2017-11-10 05:00

回答 2 已采纳 Try this, It will help you $imageLink = "GET URL LINK FROM XML"; $random = mt_rand(); $filename
如何使用PHP从URL调整图像大小？ php
2015-06-13 13:45

回答 1 已采纳 here is the solution based on imagecopyresampled (GD library) http://php.net/manual/en/function.im
【PHP】如何判断一个URL是否是一个图片链接
2021-02-07 10:19

乡村的博客直接正则匹配URL链接，是否是以.png,.gif,.jpg,.jpeg结尾的。 preg_match('/.*(\.png|\.jpg|\.jpeg|\.gif)$/', $url); 这个是一个最简单的方式，但是不够精确，因为并不是所有的图片链接都是以图片名字+扩展名...
如何阻止直接URL访问我的图像？ [重复] php
2017-10-30 08:03

回答 1 已采纳 Create an empty file index.php inside your "images" folder.
如何使用javascript捕获损坏的图像URL然后将URL传递给php？ ajax javascript mysql php
2018-03-25 21:32

回答 3 已采纳 You are almost there. Simply replace this: this.src='http://example.com/image.jpg' with: this.
如何在for循环php中显示图像？ html mysql php
2018-06-22 06:13

回答 5 已采纳 can you tri this $servername = 'localhost'; $username = 'root'; $password = ''; $dbname = 'image'
URL末尾是否应该加斜杠？
2021-01-26 08:45

海拥✘的博客 URL末尾是否应加斜杠？域名后跟斜杠没关系尾部的斜杠对于其他URL很重要文件不应以斜杠结尾斜线和 SEO尾随斜杠和非尾随斜杠URL上显示相同的内容尾部斜杠和非尾部斜杠URL上显示不同的内容Hreflang添加或删除尾部斜杠....
如何在PHP中基于URL下载图像？卷曲？ html php
2011-11-01 17:07

回答 2 已采纳 With that <input> you then have to tell your PHP code to go and download that file e.g. &lt
如何重定向保留URL参数的目录？ php
2018-10-17 19:09

回答 1 已采纳 You can use this redirect rule in your site root .htaccess: RewriteEngine On RewriteRule ^(?!new
如何通过PHP中的URL获取图像的内容？ php
2013-03-02 09:47

回答 1 已采纳 You can use Client URL Library. It is the best solution for you. Also, try this: $ch = curl_in
src指向请求文件服务器的文件,有img src = dl-main.php？f = filename.jpg从远程服务器检索所述图像...
2021-08-10 21:18

雨田青的博客我正在尝试执行以下操作：动态挑选一个服务器上的图像，然后显示所述图像在img src =“”...f = filename.jpg从远程服务器检索所述图像DL-main.php(上server0.domain.com)$url = 'http://server2.domain.com/offeri...
<？php echo base_url（）;？>和<？php base_url（）;？> php
2016-07-28 09:00

回答 2 已采纳 Please show more about your problem detail like paste your error code in here that we could use th
CDN-Linker：重写指向静态文件的链接，以便它们指向您选择的CDN。对于Wordpress和Magento
2021-02-24 11:49

通过将“ blog_url”替换为自定义链接，修改指向“ wp-content”和/或“ wp-includes”（或您配置的任何内容）的链接。使您能够从其他主机，镜像或CDN提取静态文件，例如图像，CSS或JS。您可以将文件上传到S3，...
php设置默认用户登录网页,如何更改和保护默认PhpMyAdmin登录URL
2021-04-21 09:41

爱尔兰KEN的博客你要做的第一件事是更改该URL。这不一定会阻止攻击者定位您的服务器，但会降低成功入侵的风险。这被称为通过晦涩的安全，虽然有些人会认为这不是一个安全的措施，但是已经知道它们都阻止攻击者和防止攻击。注：请...
没有解决我的问题, 去提问

悬赏问题

¥15 乘性高斯噪声在深度学习网络中的应用
¥15 运筹学排序问题中的在线排序
¥15 关于docker部署flink集成hadoop的yarn，请教个问题 flink启动yarn-session.sh连不上hadoop，这个整了好几天一直不行，求帮忙看一下怎么解决
¥30 求一段fortran代码用IVF编译运行的结果
¥15 深度学习根据CNN网络模型，搭建BP模型并训练MNIST数据集
¥15 C++ 头文件/宏冲突问题解决
¥15 用comsol模拟大气湍流通过底部加热（温度不同）的腔体
¥50 安卓adb backup备份子用户应用数据失败
¥20 有人能用聚类分析帮我分析一下文本内容嘛
¥30 python代码，帮调试，帮帮忙吧

如何判断URL是否指向图像？

3条回答 默认 最新

悬赏问题

3条回答默认最新