[nycphp-talk] exif_thumbnail
csnyder
chsnyder at gmail.com
Tue Oct 31 15:18:49 EST 2006
On 10/31/06, Ken Robinson <kenrbnsn at rbnsn.com> wrote:
> Quick example (no error checking done...)
> Main script
> <img src="tn.php?f=image.jpg">
>
> tn.php:
> <?php
> $image = exif_thumbnail($_GET['f'], $width, $height, $type);
> header('Content-type: '
> .image_type_to_mime_type($type));
> echo $image;
> ?>
>
I'm not sure what exif_thumbnail() would do with a non-image, but to
protect against $_GET['f'] == "../../../etc/passwd" you'd probably
better make that:
<?php
// Base directory that thumbnails may be served from.
$imagesource = '/path/to/images';
$imagepath = $imagesource.'/'.$_GET['f'];
// strpos() returns an integer offset or false, never true, so compare against false.
if ( strpos( $imagepath, '..' ) !== false ) exit("No way.");
$image = exif_thumbnail( $imagepath, $width, $height, $type );
header('Content-type: ' .image_type_to_mime_type($type));
header('Content-length: '.strlen($image));
echo $image;
?>
--
Chris Snyder
http://chxo.com/
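
Added example, not part of the original post or thread: a tn.php that resolves the requested name with realpath() and serves it only if the result lies inside the image directory, which also covers symlinks and array or NUL-byte input that a substring check on '..' does not. IMAGE_ROOT and resolve_image_path() are hypothetical names chosen for this sketch.

```php
<?php
// Added example; IMAGE_ROOT is an assumed location, adjust to the real image directory.
const IMAGE_ROOT = '/path/to/images';

/**
 * Map a user-supplied name to a canonical file path under $root.
 * Returns null when the name is malformed, missing, or escapes $root.
 */
function resolve_image_path(string $root, $name): ?string
{
    // ?f[]=x arrives as an array; NUL bytes make realpath() throw on PHP 8.
    if (!is_string($name) || $name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    $rootReal  = realpath($root);
    $candidate = realpath($root . '/' . $name); // collapses ".." and follows symlinks
    if ($rootReal === false || $candidate === false) {
        return null;
    }
    // Compare against the root plus a trailing separator so that a sibling
    // such as "/path/to/images-private" does not pass as "/path/to/images".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0 || !is_file($candidate)) {
        return null;
    }
    return $candidate;
}

$path = resolve_image_path(IMAGE_ROOT, $_GET['f'] ?? null);
if ($path === null) {
    http_response_code(404);
    exit;
}

// exif_thumbnail() returns false for non-images and for files without an
// embedded thumbnail; @ keeps its warning out of the response body.
$image = @exif_thumbnail($path, $width, $height, $type);
if ($image === false) {
    http_response_code(404);
    exit;
}

header('Content-Type: ' . image_type_to_mime_type($type));
header('Content-Length: ' . strlen($image));
echo $image;
```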