Avoiding the PHP GIF Security Issue

PHP GIF Security Issue
Sometimes a hacker can embed PHP code in the middle of a GIF image and use it to steal confidential information from your site.
Uploaded files are usually moved to a given directory. The hacker sends code to that directory in the form of an image, and if the site serves images directly from that directory, your site may be open to security exploits.

For example, let's say a hacker uploads an image named test.gif.php, and the image is moved to the images directory. If the web server is configured as usual to process requests for .php files, and the site serves the image at the URL below, the request will execute the PHP code inside that image file.
http://www.yoursite.com/test.gif.php

How to avoid it?

The basic solution is to protect the upload directory so that direct requests to the location of the images are refused.

You can do this by editing the .htaccess file.

code
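# Put this .htaccess inside the images (upload) directory itself.
# <Files> matches file names, not directories; "*" covers every file there.
# Apache 2.4 without mod_access_compat: use "Require all denied" instead.
<Files "*">
deny from all
</Files>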

An alternative solution is to add a PHP function that checks for a valid file (image) extension.
Please visit the previous post for that code.
https://webdevsurya.wordpress.com/2013/01/09/image-upload-validation-using-php/
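
The extension check described above, written out as an added example (it is not the code from the linked post). The function name safe_image_name, the allowed-type list and the sample file are assumptions made for illustration. It looks only at the final extension, so test.gif.php is treated as a .php file, checks that the content parses as the claimed image type, and stores the file under a server-generated name.

```php
<?php
// Added example: hypothetical helper, not code from the linked post.

// Allowed final extensions mapped to the image type getimagesize() must report.
const ALLOWED_IMAGE_TYPES = [
    'gif'  => IMAGETYPE_GIF,
    'jpg'  => IMAGETYPE_JPEG,
    'jpeg' => IMAGETYPE_JPEG,
    'png'  => IMAGETYPE_PNG,
];

/**
 * Returns a safe file name to store the upload under, or null to reject it.
 * $clientName is the name sent by the browser, $tmpPath the uploaded temp file.
 */
function safe_image_name(string $clientName, string $tmpPath): ?string
{
    // Only the final extension counts: for "test.gif.php" this is "php".
    $ext  = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    $type = ALLOWED_IMAGE_TYPES[$ext] ?? null;
    if ($type === null) {
        return null;
    }

    // The content must parse as the image type the extension claims.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info[2] !== $type) {
        return null;
    }

    // Never reuse the client's name: the stored name has exactly one
    // extension, taken from the allow-list.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample input: a minimal GIF header followed by PHP code.
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, "GIF89a\x01\x00\x01\x00\x00\x00\x00;<?php echo 'x'; ?>");

// The file name from the example above, then the same bytes named as a plain GIF.
var_dump(safe_image_name('test.gif.php', $tmp));
var_dump(safe_image_name('test.gif', $tmp));
unlink($tmp);
```

A GIF header check does not remove PHP code embedded later in the file, so this check works together with the directory protection above rather than replacing it.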

Have a nice day 🙂