PHP image upload security approach

Question

I develop a php script to replace a current one, that will have a lot of exposure to various markets/countries. This script between others offers an photo upload functionali

Answer 1

You should also check uploaded file size, as getimagesize can sometimes exceed available RAM memory. It's also good to assume that your script can crash at any point (for example when the electricity go down), so you should implement some clean up procedures to remove left, unneeded files.

Answer 2

1. A directory with chmod 0777 is, by definition, public to other users logged into your server, not private. The correct permissions would be 700 and being owned by apache (or whatever user your webserver runs at). I'm not sure why you wouldn't use php's default temporary directory here, since it tends to be outside of the web root too.
2. A white-list is a good idea. Be careful to have a correct implementation. For example, the regexp /.png/ actually matches apng.php.
3. This step is a great idea. It basically checks the file magic.
4. Is not strictly necessary. In the two previous steps, we have determined that extension and file format are correct. If you require a correct MIME type to be specified by the client, you should also check that the given MIME type and the one determined above are equivalent.

Steps 5 to 8 are not security-related.

Step 9: I'm assuming that your site allows everyone to see every photo. If that isn't the case, you should have a URL scheme with substantially longer URLs (say, the hashsum of the image).

Answer 3

That's a quite complete approach, but I do not see any code execution prevention mechanism.

You should make sure that the content of the image is never included (with an include or require call) or executed through eval().

Otherwise, php code included at the end of the file could be executed.

You can also try to detect php code inside the image content (with file_get_contents, and then a regex searching for " < ? php " for instance ) but I could not find a 100% secure way to eliminate suspicious code without destroying some (valid)images.