You are viewing our Forum Archives. To view or take place in current topics click here.
[Help] Upload Image via URL
Posted:

[Help] Upload Image via URLPosted:

Bliu
  • V5 Launch
Status: Offline
Joined: Mar 25, 201212Year Member
Posts: 490
Reputation Power: 24
Status: Offline
Joined: Mar 25, 201212Year Member
Posts: 490
Reputation Power: 24
if(isset($_POST['update_avatar'])) {
    $url = $_POST['avatar'];
    $info = getimagesize($url);

    if(isset($info['name'])) {
        echo "Exists";
    } else {
        echo "Error";
    }
}


How can I avoid getting PHP errors when the user types an invalid URL, random piece of text or invalid image URL etc?

Thanks,
#2. Posted:
Piracy
  • New Member
Status: Offline
Joined: Sep 10, 201212Year Member
Posts: 29
Reputation Power: 1
Status: Offline
Joined: Sep 10, 201212Year Member
Posts: 29
Reputation Power: 1
Based on my research, getimagesize() will return FALSE when an invalid image is supplied. However I'm using PHP 5.6.3, so that may not always be the case. But this should work just fine:

if( isset( $_POST['update_avatar'] ) )
{
    $url   = $_POST['avatar'];
    $info   = getimagesize($url);
   
   if ( $info === FALSE )
   {
      //   There was an error, probably not a real image
   }
   else
   {
      //   It worked, do whatever you want here...
   }
}
#3. Posted:
Bliu
  • V5 Launch
Status: Offline
Joined: Mar 25, 201212Year Member
Posts: 490
Reputation Power: 24
Status: Offline
Joined: Mar 25, 201212Year Member
Posts: 490
Reputation Power: 24
Piracy wrote Based on my research, getimagesize() will return FALSE when an invalid image is supplied. However I'm using PHP 5.6.3, so that may not always be the case. But this should work just fine:

if( isset( $_POST['update_avatar'] ) )
{
    $url   = $_POST['avatar'];
    $info   = getimagesize($url);
   
   if ( $info === FALSE )
   {
      //   There was an error, probably not a real image
   }
   else
   {
      //   It worked, do whatever you want here...
   }
}


Yeah, I know but the PHP error is occuring on line:

$url = $_POST['avatar'];


I've tried wrapping it in a try catch statement but no luck.
#4. Posted:
Piracy
  • New Member
Status: Offline
Joined: Sep 10, 201212Year Member
Posts: 29
Reputation Power: 1
Status: Offline
Joined: Sep 10, 201212Year Member
Posts: 29
Reputation Power: 1
Try this:

if( isset( $_POST['update_avatar'] ) && isset( $_POST['avatar'] ) )
{
    $url   = $_POST['avatar'];
    $info   = getimagesize($url);
   
   if ( $info === FALSE )
   {
      //   There was an error, probably not a real image
   }
   else
   {
      //   It worked, do whatever you want here...
   }
}
#5. Posted:
7en
  • V5 Launch
Status: Offline
Joined: Aug 16, 201212Year Member
Posts: 598
Reputation Power: 29
Status: Offline
Joined: Aug 16, 201212Year Member
Posts: 598
Reputation Power: 29
getimagesize() can be exploited by placing arbitrary code in META tags. Would avoid using this to validate an image.
Jump to:
You are viewing our Forum Archives. To view or take place in current topics click here.