
Checking for malicious file uploads

Posted: 2010-07-01T08:31:56-07:00
by adamlangsner
I have a script that accepts file uploads. They are JPEG images and I want to make sure that no one is sending me an image with malicious scripts in it. Is there a way that ImageMagick can do this?

Re: Checking for malicious file uploads

Posted: 2010-07-01T19:39:56-07:00
by anthony
Just read the file with -quiet -regard-warnings. If the returned status is not zero, something was very wrong with the image, and IM did not want to parse it fully.

Code:

convert -quiet -regard-warnings {image} +repage tempory_file.miff ||
   echo "image is not readable"

NOTE: many TIFF images have extra unknown profiles included by various programs. These extra profiles would normally be warned about. The -regard-warnings makes such profiles a fatal error rather than a simple warning.

See IM Examples, Basics, Operational Controls.
http://www.imagemagick.org/Usage/basics/#controls
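
The exit-status check from the reply above, applied to a whole upload directory, as an added example that is not part of the original thread. The function names `check_jpeg` and `screen_uploads`, the directory arguments and the `jpeg:` / `miff:` format prefixes are assumptions of this example, as is storing uploads under server-generated file names.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, the directory arguments
# and the "jpeg:" / "miff:" format prefixes are assumptions of this example.
# Assumes uploads are stored under server-generated names, and that the
# quarantine directory lies outside the upload directory.

# check_jpeg FILE: status 0 if ImageMagick reads FILE as a JPEG with no
# warnings, 1 otherwise.
check_jpeg() {
    file=$1
    # Only non-empty regular files; no symlinks, directories or devices.
    [ -f "$file" ] && [ ! -L "$file" ] && [ -s "$file" ] || return 1
    tmp=$(mktemp "${TMPDIR:-/tmp}/imcheck.XXXXXX") || return 1
    # "jpeg:" forces the JPEG decoder, so another format renamed to .jpg is
    # rejected instead of being handed to a different coder. "miff:" names the
    # output format because the temporary file has no extension.
    if convert -quiet -regard-warnings "jpeg:$file" +repage "miff:$tmp" \
        >/dev/null 2>&1; then
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# screen_uploads DIR QUARANTINE: move every entry of DIR that fails check_jpeg
# into QUARANTINE and print how many were moved.
screen_uploads() {
    dir=$1 quarantine=$2 rejected=0
    mkdir -p "$quarantine" || return 2
    for f in "$dir"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # glob matched nothing
        if ! check_jpeg "$f"; then
            mv -- "$f" "$quarantine"/ && rejected=$((rejected + 1))
        fi
    done
    echo "$rejected"
}

# Usage: sh screen_uploads.sh /path/to/uploads /path/to/quarantine
if [ "$#" -eq 2 ]; then
    screen_uploads "$1" "$2"
fi
```

A zero status only shows that the file parsed as a JPEG without warnings; text carried in comments or metadata passes through unchanged unless a re-encoded copy is written with `-strip`.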