Comprobar si una URL remota es una imagen a través de curl

Via curl from url i getting some info and i need to check if it is an image.

$result = curl_exec($ch);

UPDATE: Content-type checking is not a good idea, because it can be faked.

preguntado el 31 de julio de 12 a las 11:07

@asprin just show where i need check. -

@AlexanderLarikov just show where i need check -

The content type header cannot be faked. It is, by definition, authoritative. -

7 Respuestas

I would personally use gd tools within PHP to check if its an image or not. You cannot trust that the source gives the right MIME within the header. More than once I have trusted the headers and been disappionted by the fact that the content was an image but was transferred (due to the way the url/server works) over another format.

Respondido 31 Jul 12, 11:07

Yap, you unly one who understood this question. - user1564141

@user1564141 Indeed, also Alexander does, hes actually got a code sample for you. - sammaye

Yes, but i working with curl and so i need to check its result. - user1564141

@user1564141 Ah yea that has to take a URL which is annoying, you can use imagecreatefromstring php.net/manual/en/function.imagecreatefromstring.php como un reemplazo - sammaye

@verisimilitude This is not a security issue. If you have security concerns about the content type header, you equally should have security concerns about the content itself. - Oswald

function getContentType($url)
{
    $curl = curl_init();
    curl_setopt_array( $curl, array(
    CURLOPT_HEADER => true,
    CURLOPT_NOBODY => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_URL => $url ) );

    curl_exec( $curl ); //execute
    $contentType = curl_getinfo($curl, CURLINFO_CONTENT_TYPE);  //get content type
    curl_close( $curl );

    return $contentType;
}

The above function will return you the type and then u can check for substring image in value returned

Respondido 31 Jul 12, 11:07

that's a quite bad url encoding practice - karoly horvath

Thanks for sharing your knowledge :) - Uttara

but what to do in case if an url is already encoded (i.e it contains %2B or %20) and it also includes chars like (" " and "+") which needs to be encoded. In that case using urlencode results in bad url i.e it will encode "%".. any idea what to do in that case - Uttara

@Uttara I believe urlencode works a lot like htmlentities to detect special characters within the URL that could pose a problem is left unsanistised. As such if the url is already encoded it will not encode it again. You are correct that complications could arise if you use a difficult URL but you will have to manually make cases and exceptions for those specific URLs. - sammaye

I guess one way would be to read the HTTP-headers, especially the Content-type header, and evaluate whether it is an image or not.

Esta pregunta SO discuss how to check http headers using curl.

contestado el 23 de mayo de 17 a las 13:05

Use this to get the MIME type.

echo curl_getinfo($ch, CURLINFO_CONTENT_TYPE);

and use it against common image mime types viz. image/gif, image/png, etc.

Respondido 31 Jul 12, 11:07

it uses browsers type and it cant be changed. - user1564141

I can create web.php shell and send it to the server with image/gif, image/png, etc. - user1564141

  1. Include the HTTP header in the output by setting CURLOPT_HEADER vía curl_setopt.
  2. Parse the header, e.g using http_parse_headers.
  3. Check whether the content-type header field indicates an image type.

You might also want to set the request method to HEAD by setting CURLOPT_NOBODY if you are only interested in the content type.

Respondido 31 Jul 12, 11:07

    $c = curl_init();

    curl_setopt( $c, CURLOPT_RETURNTRANSFER, true );
    curl_setopt( $c, CURLOPT_CUSTOMREQUEST, 'HEAD' );
    curl_setopt( $c, CURLOPT_HEADER, 1 );
    curl_setopt( $c, CURLOPT_NOBODY, true );
    curl_setopt( $c, CURLOPT_URL, 'your.url' );

    curl_exec($c);

    $content_type = curl_getinfo($c, CURLINFO_CONTENT_TYPE);

And check for allowed content-type.

Respondido 31 Jul 12, 11:07

Puedes usar obtenertamaño de imagen

<?php
    $i = getimagesize('http://static.adzerk.net/Advertisers/bd294ce7ff4c43b6aad4aa4169fb819b.jpg');
    print_r($i);

Salida

Array
(
    [0] => 220
    [1] => 250
    [2] => 2
    [3] => width="220" height="250"
    [bits] => 8
    [channels] => 3
    [mime] => image/jpeg
)

In case its not image you'll get false

$i = getimagesize('http://stackoverflow.com');
var_dump($i);

Salida:

bool(false)

Respondido 31 Jul 12, 11:07

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.