I have already worked and still work with some image manipulation libraries in PHP, but I decided to study the origin of the manipulations, how they work, how to implement and work with the images.
As we know, the images are uploaded through an <input type="file">, which allows uploading any type of file. I'm already considering the changes in HTML and/or JavaScript, which can be done by the malicious user.
I already have a certain treatment through the native errors of $_FILES['image']['error'], also using getimagesize() to, in a certain way, confirm the truth of the image, using $_FILES['image']['type'], using MIME and offset 2 taken from getimagesize() itself, which looks like this:
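//array of supported file types (keys are the IMAGETYPE_* values found at offset 2)
$support = array(1 => "image/gif", 2 => "image/jpeg", 3 => "image/png");
//information from getimagesize(); it returns false when the file is not a recognized image
$getimagesize = getimagesize($_FILES['image']['tmp_name']);
//one of the checks
if ($getimagesize !== false && isset($support[$getimagesize[2]]) && $support[$getimagesize[2]] == $getimagesize['mime']) {}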
Why this type of verification? Because there are ways to create files that are not images with extensions of one, and in addition to that example, I also do a check based on the imagesx and imagesy sizes, to try to prevent possible malicious files as much as possible.
So, during this study, I came across some questions for which I have not yet found anything on the internet to resolve my doubts. They are:
- What are the errors, obtained by $_FILES['image']['error'], that still hold the file on the server?

For example, uploading a .txt file that is not an image, but is a complete file, generates $_FILES['image']['error'] == 0, so the file has been transferred to the temporary folder and I can delete it.
The return of the getimagesize() function is an array containing:
Array
(
[0] => 500
[1] => 300
[2] => 3
[3] => width="500" height="300"
[bits] => 8
[mime] => image/png
)
- What is the purpose of the bits key and what are its minimum, maximum, and maximum values?
Note: I know it's my first question and it may be a bit confusing, but I tried to be as clear as possible. If anyone can help me, I'll be grateful.
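An added example, not part of the original question: one way to combine the checks described above (upload error code, getimagesize() type and MIME at offset 2, dimensions) with a full GD decode, never reading the client-sent $_FILES['image']['type']. The names check_image_upload, ALLOWED, MAX_SIDE and the $httpOnly switch are assumptions made for this sketch, and the GD extension is assumed to be loaded.

```php
<?php
// Added example (not from the original post): validate one $_FILES entry
// using only server-side facts; the client-sent 'type' is never read.

// Keys are the IMAGETYPE_* values getimagesize() returns at offset 2.
const ALLOWED = [IMAGETYPE_GIF => 'image/gif', IMAGETYPE_JPEG => 'image/jpeg', IMAGETYPE_PNG => 'image/png'];
const MAX_SIDE = 4096; // assumption: largest width/height the application accepts

// Returns [true, mime] or [false, reason]. $httpOnly is switched off only
// in the offline demo below, whose files do not come from a POST request.
function check_image_upload(array $file, bool $httpOnly = true): array
{
    $error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($error !== UPLOAD_ERR_OK) {
        return [false, 'upload error ' . json_encode($error)];
    }
    $tmp = $file['tmp_name'] ?? '';
    if ($httpOnly && !is_uploaded_file($tmp)) {
        return [false, 'not an HTTP upload'];
    }
    $info = @getimagesize($tmp); // reads the header only; false if unrecognized
    if ($info === false || !isset(ALLOWED[$info[2]]) || ALLOWED[$info[2]] !== $info['mime']) {
        return [false, 'not a supported image type'];
    }
    if ($info[0] < 1 || $info[1] < 1 || $info[0] > MAX_SIDE || $info[1] > MAX_SIDE) {
        return [false, 'dimensions out of range']; // checked before decoding
    }
    $img = @imagecreatefromstring(file_get_contents($tmp)); // full decode with GD
    if ($img === false || imagesx($img) !== $info[0] || imagesy($img) !== $info[1]) {
        return [false, 'image data does not decode'];
    }
    return [true, $info['mime']];
}

// Constructed sample inputs, written to temporary files for the demo.
$samples = ['real.png' => null, 'notes.txt renamed .png' => "plain text\n",
    'truncated.png' => "\x89PNG\r\n\x1a\n" . pack('N', 13) . 'IHDR' . pack('NNC5', 500, 300, 8, 6, 0, 0, 0)];
foreach ($samples as $label => $bytes) {
    $path = tempnam(sys_get_temp_dir(), 'upl');
    if ($bytes === null) {
        imagepng(imagecreatetruecolor(500, 300), $path); // valid 500x300 PNG via GD
    } else {
        file_put_contents($path, $bytes);
    }
    [$ok, $detail] = check_image_upload(['error' => UPLOAD_ERR_OK, 'tmp_name' => $path], false);
    printf("%-24s %s (%s)\n", $label, $ok ? 'accepted' : 'rejected', $detail);
    unlink($path);
}
```

The truncated sample carries only a PNG signature and IHDR header, which is enough for getimagesize() to report 500x300 and image/png; it is rejected only by the decode step, which is why that step comes after the header checks.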