0

Im trying to upload an image to my server given a url pointing to an image. I was wondering, which measures should i take into account to prevent remote file inclusion attacks, how can i make sure that the url a user provides really points to an image and not to a php file

Thanks

gabriel mellace
  • 229
  • 5
  • 15
  • 1
    This probably won't fully answer your question, but have you looked at [Header only retrieval in PHP using CURL](http://stackoverflow.com/a/1379319/3033053) – silencedmessage Aug 22 '14 at 00:54
  • What if the image isn't actually a file but a php dinamically generated image? – lelloman Aug 22 '14 at 00:56
  • The head request will also give you the content-type information without pulling down the entire file (*I think*). I doubt that's enough as far as security from attacks, but that's why I posted as a comment and not an answer. :) – silencedmessage Aug 22 '14 at 01:15

0 Answers0