Secure remote image upload from URL

Asked Aug 22 '14 at 00:46

Active Aug 22 '14 at 00:46

Viewed 132 times

Im trying to upload an image to my server given a url pointing to an image. I was wondering, which measures should i take into account to prevent remote file inclusion attacks, how can i make sure that the url a user provides really points to an image and not to a php file

Thanks

asked Aug 22 '14 at 00:46

gabriel mellace

1

This probably won't fully answer your question, but have you looked at [Header only retrieval in PHP using CURL](http://stackoverflow.com/a/1379319/3033053) – disappointed in SO leadership Aug 22 '14 at 00:54
What if the image isn't actually a file but a php dinamically generated image? – lelloman Aug 22 '14 at 00:56
The head request will also give you the content-type information without pulling down the entire file (*I think*). I doubt that's enough as far as security from attacks, but that's why I posted as a comment and not an answer. :) – disappointed in SO leadership Aug 22 '14 at 01:15

Secure remote image upload from URL

0 Answers0