Page 1 of 1
Checking for malicious file uploads
Posted: 2010-07-01T08:31:56-07:00
by adamlangsner
I have a script that accepts file uploads. they are jpeg images and I want to make sure that no one is sending me an image with malicious scripts in it, is there a way that ImageMagick can do this?
Re: Checking for malicious file uploads
Posted: 2010-07-01T19:39:56-07:00
by anthony
Just read the file with
-quiet -regard-warnings. If the returned status is not zero, something was very wrong with the image, and IM did not want to parse it fully.
Code: Select all
convert -quiet -regard-warnings [color=#4000FF]{image}[/color] +repage tempory_file.miff ||
echo "image is not readable"
NOTE many TIFF images has extra unknown profiles included by various programs. These extra profiles would normally be warned about. The
-regard-warnings makes such profiles a fatal error rather than a simple warning.
See Im Examples, Basics, Operational Controls.
http://www.imagemagick.org/Usage/basics/#controls