Using getimagesize() for image file detection

Discussions and requests related to new CMSimple features, plugins, templates etc. and how to develop.
Please don't ask for support at this forums!
Post Reply
cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE
Contact:

Using getimagesize() for image file detection

Post by cmb » Mon Jul 13, 2015 9:15 am

Hi everybody!

I just learned that using only getimagesize() to detect whether a given file is an image file is not reliable, what might cause bugs and even security issues. Depending on the circumstances using finfo and/or checking the file extension seems to be more appropriate.

There's one place in the standard distribution of CMSimple_XH which may be improved in this regard: file upload with the filebrowser.
Christoph M. Becker – Plugins for CMSimple_XH

Post Reply