1

I know this question was asked many times and i have read through most of the questions and answers here.
Result: If you do it right, the only problem seems to be embedded code in the comments or EXIF data.
Question: If i process an image file with smushit, Yahoo's image compressing engine, then it should be more safe, then just transforming it with GD library, or?

Regards
Nils

Abenil
  • 1,048
  • 3
  • 12
  • 26
  • GD is safe as well. As long as GD doesn't contain bugs, of course. As long as you keep it up to date you'll be fine. – Tom van der Woerdt Apr 25 '12 at 14:06
  • is GD stripping meta data, comments and exif data from images? could you provide a link? – Abenil Apr 25 '12 at 14:08
  • Just be careful with GD ,it will not handle some Advanced Color Profile's ,and professionals uses in most cases this Profiles.I use ImageMagic ,but im not sure if it's safe enough. – Rosmarine Popcorn Apr 25 '12 at 14:13
  • As far as I know, GD has no idea what EXIF is, so it won't read it and definitely not save it. However, as @Cody mentioned, GD isn't perfect. – Tom van der Woerdt Apr 25 '12 at 14:30
  • I started on an Upload Proxy project here, https://github.com/sarciszewski/php-snippets/tree/master/uprox <- it supports file extension and MIME type whitelisting. – Scott Arciszewski May 02 '14 at 15:25

0 Answers0