<!DOCTYPE HTML> <html lang="en"> <head> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="google-site-verification" content="koB0IMWgAHKwEXWyOGt9RPqYrJU-fKzpoOTwRnprhKo" /> <title>Re: PHP security exploit with GIF images - Comments on PHP Classes blog post "PHP security exploit ..." - PHP Classes</title> <!-- https://files.phpclasses.org/styles.css --> <style type="text/css"> *, .normal-size { font-size: 14px; } html, body, input[type=submit] { color: black; font-family: "helvetica" , sans-serif , arial , helvetica; overflow-x: hidden !important; } html, body { background-color: #ffffff; height: 100%; margin: 0px; } a:link, a:active { color: #090F15; text-decoration: none; border-bottom-style: dotted; border-bottom-width: 1px; } a:visited { color: #26394d; } a:hover, #logoPHP > a, #logoCompany > a, #topLogoPHP > a { border-bottom-style: none; } .left { float: left; } .right { float: right; } .clear { clear: both; } input[type=text] { border: none; outline: none; color: #333; background: #ffe; z-index: 90; font-size: 1em; font-weight: normal; font-variant: normal; text-transform: none; font-family: monospace; } img { } h1, h1 * { font-size: 28px; width: auto !important; } h2 { color: #19597c; padding-bottom: 0px; padding-top: 0px; } h2, h2 * { font-size: 22px; } h3, h3 * { color: #19597c; font-size: 20px; margin: 10px 0px; padding: 10px 0px; } h4 * { color: #19597c; font-size: 16px; } h5 * { color: #19597c; font-size: 16px; } h6 * { color: #666666; font-size: 14px; } big big a { display: block; font-size: inherit; padding: 0px 0px 10px; } big a { font-size: inherit; } td > a > span, #reputation-button { font-size: 1em; } #reputation-menu { border-radius: 6px !important; } .nbpb, .nbtb { background-color: inherit; border-width: 0px; } .backgroundDecoration { position: absolute; right: 1025px; top: 0px; } #rightDecorationBg { left: 1025px; } #MainContainer { background-color: #19597c; min-height: 100%; margin: 0 auto; } #Container { background: none 
repeat scroll 0% 0% #fff; height: auto !important; margin: 0px auto; position: relative; z-index: 10; width: 98% !important; } #PageContent { margin: auto; width: 100% !important; position: relative; text-align: left; } #PageInfo, #PageInfoLogged { background: inherit; width: inherit; position: relative; } .pageDecoration { bottom: 0px; position: absolute; right: -9px; } #leftDecoration { left: -9px; } #user-bar:empty { min-height: 56px; } #user { padding-bottom: 4px; } #user, #TopLine, #UserContent, #order-menu { background-color: #19597c; width: 100%; } .shop-step { color: #ffffff; font-size: 18px; line-height: 36px; font-weight: bold; } .responsive-menu { padding-top: 0px; padding-bottom: 0px; } #TopLine, #UserContent { z-index: 1; position: relative; } #TopLine { position: absolute; } #user table { white-space: nowrap; width: auto; margin: 0px auto; padding: 5px 0px 0px 140px; } #user table td { line-height: 30px; padding: 0px; white-space: nowrap; width: auto; } #user .tabcontent, #endnavigation .tabcontent { color: #C3F0FF; font-weight: bold; text-transform: capitalize; } #user .tabcontent span { float: left; padding: 8px 5px 0px 2px; white-space: nowrap; } #user a { color: #FFFFFF; font-size: 14px; font-weight: bold; padding: 0px 5px 0px 2px; text-align: left; text-decoration: none; border-bottom-style: dotted; border-bottom-width: 1px; white-space: nowrap; } #user a:hover { color: #C3F0FF; } #user img { padding-top: 3px; vertical-align: top; } #user .nbgu { float: left; padding: 0px; white-space: nowrap; } #logoPHP { background-size: cover; text-align: center; height: 136px; background: rgb(63,132,41); background: linear-gradient(90deg, rgba(63,132,41,1) 0%, rgba(255,255,255,1) 50%, rgba(25,89,124,1) 100%); } #logoContainer { padding-top: 38px; display: inline-block; } #Top #logoCompany { position: absolute; right: 145px; top: -60px; } #invertedCompanyLogo { text-align: center; } #elephpant { margin-right: 15px; position: absolute; right: 5px; top: -97px; } 
#recommendpage { margin: auto; width: 40em; } #recommendpage table { min-width: 40em; text-align: center; white-space: normal; border: 2px solid #ccc; border-style: solid; border-radius: 0 0 5px 5px; border-top: 0; margin-bottom: 10px; } #recommendpage table td { background: none repeat scroll 0% 0% transparent; border: medium none; padding: 10px 0px 5px 10px; vertical-align: top; } #recommendpage table td img { padding: 0px 3px 0px 5px; } #navigation { background-color: #4b9759; clear: both; color: #000 !important; font-size: 1.2em; font-weight: bold; height: 44px; line-height: 24px; padding: 0px; position: relative; text-align: center; width: 100%; } #navigation form { border: 0px none; } #navigation table { height: 44px; width: 974px; } #navigation td { font-size: 14px; padding-top: 9px; } #navigation img { border: 0px none; margin: 0px 0px 0px 5px; vertical-align: middle; } #navigation a { color: #ffffff; text-decoration: none; border-bottom-width: 1px; } #navigation a:hover { text-decoration: underline; border-bottom-style: none; } #navigation td.nbgu { display: none; } #navigation td.nbtu, #MenuContent td.nblu { height: 24px; line-height: 24px; padding: 10px 4px 0px; text-decoration: none; border-bottom-width: 1px; } #navigation td.nbtu input[type=text] { height: 20px; margin: 0px 5px; width: 100px; } #navigation td.nbtu * { float: left; } #ads { clear: both; margin: 0px auto; padding: 0px; width: 1010px; } #topAds { display: inline-block; margin-left: 10px; } #inputText { color: #666666; float: left; height: 20px; width: 150px; } .BodyContent { text-align: center; } .BodyColumn { display: inline-block; vertical-align: top; text-align: left; } #BodyContent { display: inline-block; vertical-align: top; text-align: left; } .InfoContent { clear: both; margin: 10px auto 0px auto; max-width: 1025px; position: relative; padding: 0 10px; } .InfoContent .nblu, .InfoContent .nbtu { background-color: #dfdfdf; border-top-left-radius: 2px; border-top-right-radius: 2px; 
border-width: 1px; color: #19597c; font-size: 12px; padding: 7px; text-align: center; white-space: nowrap; width: auto; } .InfoContent .ct { background-color: #FCFCFC; border-width: 1px 1px 0 1px; border-style: solid; border-color: #E1E1E1; color: #000000; font-size: 12px; padding: 3px; text-align: center; white-space: nowrap; width: auto; } .InfoContent .cd { background-color: #FCFCFC; border-width: 0 1px 1px 1px; border-style: solid; border-color: #E1E1E1; color: #000000; font-size: 12px; padding: 3px; } .InfoContent .cg { margin: 1px; padding: 0px; white-space: nowrap; width: 4px; } .InfoContent .nbtd :hover, .InfoContent .nbtu :hover { background-color: #c9c9c9; text-decoration: underline; border-bottom-style: none; color: #2989C7; } .InfoContent .nbtd :hover .tab, .InfoContent .nbtu :hover .tab { color: #2989C7; } .InfoContent .nbld, .InfoContent .nbtd { background-color: #bfbfbf; border-color: #92DBEC; color: #05497B; font-size: 12px; padding: 7px; text-align: center; white-space: nowrap; width: auto; } .InfoContent .nblu, .InfoContent .nbld { background-color: #557799; color: #FFFFFF; } .InfoContent .nblu .tab { } .InfoContent .nbgu { color: #05497B; margin: 1px; padding: 0px; white-space: nowrap; } .InfoContent .nbgd { color: #05497B; margin: 1px; padding: 0px; white-space: nowrap; } .InfoContent .nbtu a, .InfoContent .nbld a, .InfoContent .nbtd a { color: #05497B; font-size: 12px; } .InfoContent .nbtu span.tab { color: #000000; } .InfoContent .nbtu a.tab { } .InfoContent .nblu a:hover, .InfoContent .nbtu a:hover, .InfoContent .nbld a:hover, .InfoContent .nbtd a:hover { color: #2989C7; } .InfoContent .nblu a, .InfoContent .nbld a { color: #FFFFFF; font-size: 12px; } .InfoContent .nblu a:hover, .InfoContent .nbld a:hover { color: #C3F0FF; } .InfoContent .nbtu, .InfoContent .nbtd { vertical-align: middle; } .InfoContent .nbpu, .InfoContent .nbpd { padding: 6px 0 0 0; } .InfoContent td { padding-left: 5px; } .photo { border-radius: 50%; } .userInfoTable { 
border: 1px solid #f6f6f6; margin-left: 10px; padding: 20px; } td > b > h2 { margin-bottom: -1px; } .even td, .odd td, .even th, .odd th { color: #444444; } .menutext { border-bottom: 1px dotted #CCCCCC; color: #444444; } .menuicon > a { border-bottom-style: none !important; } .menuicon > a > img { } .menulink a { color: #595959; } .menulink a:hover { text-decoration: underline; border-bottom-style: none; } .back { background-color: #FFFFFF; } .even { background-color: #F9F9F9; } .light { background: none repeat scroll 0% 0% #f2f2f2; } .dark { background: none repeat scroll 0% 0% #d9d9d9; } .c799 > tbody > tr { padding: 10px !important; } .odd { } .even td, .odd td, .highlight td, .highlight th, .highlightContent td, .highlightContent th, .featuredeven td, .featuredodd td { padding: 5px; } .highlight, .highlightContent { background: none repeat scroll 0% 0% #F5F5F5; padding: 5px; } .highlightContent { animation-name: highlightContent; animation-duration: 0.5s; animation-iteration-count: infinite; animation-direction: alternate; } @keyframes highlightContent { 0% { background: #e6d346; } 100% { background: #ffffff; } } .highlightLink { background: none repeat scroll 0% 0% #FDFDFD; padding: 5px; line-height: 30px; animation-name: highlightLink; animation-duration: 0.5s; animation-iteration-count: infinite; animation-direction: alternate; border-radius: 8px; opacity: 90%; color: #000000; } *, .normal-size { } @keyframes highlightLink { 0% { background: #e6d346; } 100% { background: #ffffff; } } .tabcontent { } .nblu .tabcontent { color: #ffffff; } .featuredodd { background-color: #C5D4DB; padding: 5px; } .featuredeven { background-color: #C5D4DB; padding: 5px; } .removed { background-color: #AAAAAA; text-decoration: line-through; } .invalid { background-color: #FFCCCC; } .warning, .shopping-message-warning { background-color: #FFB366; } .alright { background-color: #70F0A0; } .monospace, code { font-family: monospace , Courier , "Courier New"; } .code { white-space: 
pre; white-space: pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; white-space: -moz-pre-wrap; white-space: -hp-pre-wrap; word-wrap: break-word; background: none repeat scroll 0% 0% #FCFCFC; padding: 4px; } .button, .shop-button, .remove-button, .shopping-message, .shopping-message-warning, input[class=shop-input] { border-radius: 6px; padding: 4px; border-width: 1px; border-style: solid; } .shop-button { border-color: #000000; background-color: #ccae66; background-image: linear-gradient(#ffdf92, #ccae66); color: #000000; font-weight: bold; font-size: 14px; padding: 7px; text-align: center; white-space: nowrap; width: auto; } .shop-button:hover, .shop-button:link, .shop-button:active { color: #000000; border-bottom-style: solid; border-bottom-width: 1px; } .shop-button:active { background-image: linear-gradient(#f8d37c, #ffdf92); } .remove-button { border-color: #000000; background-color: #1b95e0; background-image: linear-gradient(#1b95e0, #1470a8); color: #ffffff; font-weight: bold; font-size: 14px; padding: 7px; text-align: center; white-space: nowrap; width: auto; } .remove-button:hover, .remove-button:link, .remove-button:active, input[class=remove-button] { color: #ffffff; border-bottom-style: solid; border-bottom-width: 1px; } .remove-button:active { background-image: linear-gradient(#1470a8, #1b95e0); } .shopping-message-container { text-align: center; } .shopping-message, .shopping-message-warning { display: inline-block; line-height: 28px; border-color: #000000; font-weight: bold; font-size: 14px; padding: 7px; text-align: center; width: auto; } .shopping-message { color: #ffffff; background-color: #666666; background-image: linear-gradient(#666666, #333333); } .shopping-message-warning { color: #000000; background-color: #000000; background-image: linear-gradient(#FFB366, #cc8f52); } .shopping-price { font-size: 16px; text-align: center; font-weight: bold; width: auto; margin-left: 8px; margin-right: 8px; } input[class=shop-input] { margin: 
4px; } .new { background-color: #ffea80; background-image: linear-gradient(#fffa80 , #ffea80); text-transform: uppercase; font-size: smaller; border-color: #ffe280; } .edit, .edit :link, .edit :visited, .InfoContent .nbtu a.edit { background-color: #60b040; background-image: linear-gradient(#90c070 , #60b040); color: #ffffff; border-color: #60a840; } .edit :hover, .InfoContent .nbtu a.edit :hover { background-color: #50a030; background-image: linear-gradient(#60b040 , #50a030); color: #C3F0FF; border-color: #60a840; } .edit :active, .InfoContent .nbtu a.edit :active { background-color: #60b040; background-image: linear-gradient(#50a030 , #60b040); color: #ffffff; border-color: #409020; box-shadow: inset 0 2px 4px rgba(0 , 0 , 0 , 0.15); } .tag, .tag :link, .tag :visited { background-color: #dea7a7; background-image: linear-gradient(#eeb3b3 , #dea7a7); color: #994d4d; border-color: #dea7a7; } .tag :hover { background-color: #ce9b9b; background-image: linear-gradient(#dea7a7 , #ce9b9b); color: #793d3d; border-color: #dea7a7; } .tag :active { background-color: #dea7a7; background-image: linear-gradient(#ce9b9b , #dea7a7); color: #994d4d; border-color: #be8f8f; box-shadow: inset 0 2px 4px rgba(0 , 0 , 0 , 0.15); } .ranking, .votes { display: inline; padding: 4px 8px; font-size: large; border-radius: 6px; background-color: #E8E8E8; color: #000000; } .votes { } .progressbar { background-color: #0000FF; background-image: url(https://files.phpclasses.org/graphics/phpclasses//progress.png); background-size: auto 100%; border-style: none; padding: 4px; text-align: center; border-radius: 6px; box-shadow: 4px 4px 4px #888; text-shadow: 2px 2px 2px #55C; } .box { border-color: #E1E1E1; border-style: solid; border-width: 1px; padding: 10px; margin-top: 10px; margin-bottom: 10px; border-radius: 10px; } .framed { margin: 5px 0px; padding: 10px 15px; border-radius: 10px; } .c360 > a { font-size: 13px; display: block; color: #729fcc; } .notifications { background: #e20000; 
background: radial-gradient(ellipse at center , #e20000 0% , #fb7b67 100%); border-radius: 6px; color: #ffffff; margin: 5px 0px; padding: 4px; text-shadow: 1px 1px 2px rgba(128 , 128 , 128 , 1); } .no-notifications { background: #888888; border-radius: 6px; color: #ffffff; margin: 5px 0px; padding: 4px; text-shadow: 1px 1px 2px rgba(128 , 128 , 128 , 1); } a:hover .no-notifications, a:hover .notifications { text-decoration: underline; border-bottom-style: none; } .score, .highlightScore { background: rgb(243,237,187); background: radial-gradient(circle, rgba(243,237,187,1) 0%, rgba(255,241,133,1) 100%); border-radius: 6px; margin: 5px 0px; padding: 4px; } .scoreText, .score, .highlightScore { color: #404040; text-shadow: 1px 1px 2px rgba(128 , 128 , 128 , 1); } a:hover .score, a:hover .scoreText { text-decoration: underline; border-bottom-style: none; } .highlightScore { animation-name: highlightScore; animation-duration: 0.5s; animation-iteration-count: infinite; animation-direction: alternate; } @keyframes highlightScore { 0% { background: #e6d346; } 100% { background: #ffffff; } } a:hover .highlightScore { text-decoration: underline; border-bottom-style: none; } .menu { border-color: #FCFCFF #707078 #707078 #FCFCFF; border-style: solid; border-width: 1px; cursor: default; opacity: 0.95; padding: 2px; background-color: #c9c9c9; } #Footer { height: 0px; width: 100%; z-index: 1; } #FooterInfo, #FooterInfoLogged { background: #19597c; min-height: 80px; position: relative; width: 100%; padding: 10px; margin-top: 10px; top: 10px; } #endnavigation { height: 35px; padding: 0px; width: 100%; } #endnavigation * { margin: 0px; padding: 0px; } #endnavigation table { height: 35px; padding: 0px; } #endnavigation table tbody { vertical-align: top; } #endnavigation a { color: #FFFFFF; font-weight: bold; padding: 0px 0px 0px 0px; text-decoration: none; border-bottom-style: dotted; border-bottom-width: 1px; text-transform: capitalize; } #endnavigation a:hover { text-decoration: 
underline; border-bottom-style: none; } #endnavigation img { padding-left: 13px; } #Copyright { width: 95% !important; color: #FFFFFF; height: 20px; margin: 0px auto; padding: 10px 0px; text-align: left; overflow: hidden !important; text-align: center; font-weight: bold; } #Copyright a { color: #86d5f2; text-decoration: none; border-bottom-style: dotted; border-bottom-width: 1px; } #Copyright a:hover { text-decoration: underline; border-bottom-style: none; } #Copyright table td { color: #FFFFFF; padding: 0px; } #Top, #TopLogged { background: none repeat scroll 0% 0% #FFFFFF; margin: 0px auto; padding: 0px; width: 100%; position: relative; bottom: 0px; top: 0px; } #Top h1, #TopLogged h1 { max-width: 1025px; margin: 15px auto 15px auto; overflow: hidden; color: #7F8C8D; } #Top h1 { position: relative; } #Top #topLogoPHP, #TopLogged #topLogoPHP, #TopLogo #topLogoPHP { max-width: 1025px; margin-left: auto; margin-right: auto; overflow: hidden; padding: 0 0 0 10px; color: #7F8C8D; position: relative; height: 60px; top: -60px; bottom: -60px; } #Top #topLogoPHP #topLogoPHPContainer, #TopLogged #topLogoPHP #topLogoPHPContainer, #TopLogo #topLogoPHP #topLogoPHPContainer { background-color: #ffffff; width: 200px; text-align: center; padding: 10px; position: relative; z-index: 2; } #TopLogo { margin-bottom: -60px; } #Top #subtitle, #TopLogged #subtitle { max-width: 1025px; margin: auto; overflow: hidden; } #Top #subtitle { position: relative; } .search-input { vertical-align: top; margin: 1px 0 0 0; display: inline-block; } #Contact, #Contact a { color: #ffffff; font-weight: bold; } .window-active-bar { border-style: none; background-color: #4b9759; height: 1%; white-space: nowrap; color: #ffffff; font-weight: bold; } .window-inactive-bar { border-style: none; background-color: #808080; height: 1%; white-space: nowrap; color: #c0c0c0; font-weight: bold; } .window { background-color: #f9f9f9; border-width: 1px; border-style: solid; border-top-color: #ffffff; border-left-color: 
#ffffff; border-bottom-color: #808080; border-right-color: #808080; } .nblu input { font-weight: bold; } .contactBar { position: fixed; bottom: 0px; right: 32px; z-index: 16777271; } </style> <!-- https://files.phpclasses.org/responsive.css --> <style type="text/css"> .safe-padding { padding: 14px; line-height: 200%; } .safe-size { font-size: 110%; } .call { display: none; } @media (max-width: 1024px) { .c1025 { display: none; } h1, h1 * { font-size: 20px; } h2, h2 * { font-size: 18px; } h3, h3 * { font-size: 16px; } h4 * { font-size: 14px; } h5 * { font-size: 12px; } h6 * { font-size: 10px; } #Top h1, #Top subtitle { padding: 10px 0 0 10px; margin: 0 0 0 0; } .InfoContent { margin: 0 auto 0 auto; padding: 0; } .responsive-menu { padding-top: 14px; padding-bottom: 12px; } .responsive-order-menu { padding-top: 0px; padding-bottom: 0x; } #BodyContent { display: block; } #PageContent { margin: 0; padding: 0; } } @media (min-width: 1025px) { .u1025 { display: none; } } @media (max-width: 1025px) { .contactBar { bottom: 0px; right: 10px; z-index: 16777271; } } @media (max-width: 399px) { .c399 { display: none; } } @media (max-width: 499px) { .c499 { display: none; } #Top h1 { width: auto; } } @media (max-width: 799px) { .c799 { display: none; } } @media (min-width: 799px) { .u799 { display: none; } } @media (max-width: 640px) { .c640 { display: none; } } @media (max-width: 360px) { .c360 { display: none; } } .menu-items { position: absolute; z-index: 1001; background-color: #103754; border-color: #cccccc; border-style: solid; border-width: 1px; padding: 4px; top: 32px; line-height: 36px; } .menu-items a { color: #C3F0FF; font-weight: bold; text-decoration: none; } #navigation-menu, #user-menu, #order-menu { display: inline-block; padding: 2px 4px 0px 4px; vertical-align: middle; text-align: left; position: relative; } #navigation-menu .menu-items, #user-menu .menu-items, #order-menu .menu-items { display: none; } #navigation-button:checked + .menu-items, 
#user-button:checked + .menu-items, #order-button:checked + .menu-items { display: inline-block; vertical-align: middle; white-space: nowrap; } #navigation-label, #user-label, #order-label { z-index: 1001; display: inline-block; vertical-align: middle; } #navigation-label img, #user-label img, #order-label img { pointer-events: none; } #navigation-menu input[type="checkbox"], #user-menu input[type="checkbox"], #order-menu input[type="checkbox"] { display: none; } </style> <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="shortcut icon" href="https://files.phpclasses.org/graphics/phpclasses/favicon.ico"> <link rel="alternate" href="/browse/latest/latest.xml" type="application/rss+xml" title="Latest published classes"> <link rel="alternate" href="/reviews/latest/latest.xml" type="application/rss+xml" title="Latest published book reviews"> <link rel="canonical" href="https://www.phpclasses.org/discuss/blog/PHP-Classes-blog/post/67/thread/5/"> <link rel="preconnect" href="https://files.phpclasses.org/"> <link rel="preconnect" href="https://token.rubiconproject.com"> <link rel="preconnect" href="https://clevernt.com"> <link rel="preconnect" href="https://pagead2.googlesyndication.com"> <link rel="preconnect" href="https://www.google.com"> <link rel="preconnect" href="https://www.gstatic.com"> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://srv.buysellads.com"> <meta name="description" lang="en" content="just use Apache config to defend against malicious uploads. IMHO it is more elegant to solve the problem in the web server layer. 
Just disable all scripting for the uploaded file directory (Apache example): <Directory /var/www/mysite/uploads/> AllowOverride None AddType text/plain .php .phtml .php3 .phps .pl .cgi </Directory> "AllowOverride None" disables .htaccess scripts, which can be..."> <meta name="robots" content="noindex"> <meta property="fb:pages" content="114418241923267"> <!-- https://files.phpclasses.org/js/contentLoader.js --> <script type="text/javascript"> //<![CDATA[ /* * contentLoader.js * * Get the latest version from: * * http://www.jsclasses.org/fast-content-loader * * @(#) $Id: contentLoader.js,v 1.17 2021/08/12 10:57:05 mlemos Exp $ * * * This LICENSE is in the BSD license style. * * * Copyright (c) 2010, Manuel Lemos * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Manuel Lemos nor the names of his contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * Portions of the code that implement document write capture are based * on the Bezen library by Eric Brechemier licensed under the Creative * Commons Attribution license 3.0: * * http://creativecommons.org/licenses/by/3.0/ * * http://bezen.org/javascript/ * * Portions of the code that implement JavaScript lazy loading are based * on the Flying scripts by Gijo Varghese: * * https://wordpress.org/plugins/flying-scripts/ */ /*jslint browser: true, devel: true, long: true, single: true, white: true, this: true, for: true */ var ML; if(ML === undefined) { ML = {}; } if(ML.content === undefined) { ML.content = {}; } ML.content.contentLoader = function() { var doNotRemoveThisGetTheLatestVersionFrom = 'https://www.jsclasses.org/fast-content-loader'; var content = []; var update = null; var outputDebug = function(o, message) { if(o.debug) { if(console && console.log) { console.log(message); } else { alert(message); } } return false; }; var replaceContent = function(o) { var remaining = 0; var c; var delayed; var place; var replace; var events; for(c in content) { if(content.hasOwnProperty(c)) { if(!content[c].loaded) { delayed = document.getElementById(content[c].delayed); place = document.getElementById(content[c].id); if(delayed && place) { delayed.parentNode.removeChild(delayed); place.parentNode.replaceChild(delayed, place); delayed.style.display = (content[c].inline ? ((content[c].width || content[c].height) ? 
'inline-block' : 'inline') : 'block'); content[c].loaded = true; } else { remaining = remaining + 1; } } } } if(remaining === 0) { window.clearInterval(update); update = null; events = [ 'keydown', 'mouseover', 'touchmove', 'touchstart' ]; replace = function() { document.querySelectorAll("script[data-loading='lazy']").forEach(function(element) { var source; source = element.getAttribute('data-src'); element.removeAttribute('data-src'); element.removeAttribute('data-loading'); element.setAttribute('src', source); } ); window.clearTimeout(update); update = null; events.forEach(function(event) { window.removeEventListener(event, replace, { passive: true }); } ); }; update = window.setTimeout(replace, o.lazyDelay); events.forEach(function(event) { window.addEventListener(event, replace, { passive: true }); } ); } return remaining; }; this.debug = false; this.defaultInline = false; this.updateInterval = 10; this.contentPrefix = 'con'; this.delayedPrefix = 'del'; this.delayedContent = ' '; this.lazyDelay = 5000; this.addContent = function(properties) { var i; var m; if(!properties.content) { return outputDebug(this, 'Content properties are missing'); } properties.id = this.contentPrefix + content.length; properties.delayed = this.delayedPrefix + content.length; if(properties.inline === undefined) { properties.inline = this.defaultInline; } properties.loaded = false; if(typeof properties.priority !== 'number') { properties.priority = 0; } document.write('<div id="' + properties.id + '" style="' + (properties.width ? 'width: ' + properties.width + 'px;' : '') + (properties.height ? ' height: ' + properties.height + 'px;' : '') + ' overflow: none; display: ' + (properties.inline ? ((properties.width || properties.height) ? 
'inline-block' : 'inline') : 'block') + '">' + this.delayedContent + '</div>'); for(i = content.length; i > 0 && content[i - 1].priority < properties.priority; i = i - 1) { } for(m = content.length; m > i; m = m - 1) { content[m] = content[m - 1]; } content[i] = properties; return true; }; this.loadContent = function() { var o = this; var written; var write; var writeln; var reportError; var catchError; var trim; var hasAttribute; var moveScript; var moveScriptClone; var moveNodes; var insertWritten; var load; var c; if(window.opera || navigator.userAgent.indexOf('MSIE') !== -1) { written = []; write = function(html) { written.push(html); }; writeln = function(html) { write(html + "\n"); }; reportError = function(error, url, line) { if(typeof error === 'object') { reportError(error.message, error.fileName, error.lineNumber); return; } outputDebug(o, error + ' at ' + url + '[' + line + ']'); }; catchError = function(func, description) { var f; description = description || 'error.catchError'; if(typeof func !== 'function') { reportError(description + ': A function is expected, found ' + typeof func); f = function() { }; return f; } f = function() { try { return func.apply(this, []); } catch(e) { if(window.onerror) { window.onerror(description + ': ' + e.message + ' in ' + func, e.fileName, e.lineNumber, true); } } }; return f; }; trim = function(text) { return(text.replace(/^\s*/, '').replace(/\s*$/, '')); }; hasAttribute = function(node, attribute) { var attributeNode; if(node.hasAttribute) { return node.hasAttribute(attribute); } attributeNode = node.getAttributeNode(attribute); if(attributeNode === null) { return false; } return attributeNode.specified; }; moveScript = function(script, target, callback) { var safeCallback = catchError(callback, 'script.onload'); if(script.readyState && script.onload !== null) { script.onreadystatechange = function() { if(script.readyState === 'loaded' || script.readyState === 'complete') { script.onreadystatechange = null; 
script.onerror = null; safeCallback(); } }; } else { script.onload = safeCallback; } target.appendChild(script); }; moveScriptClone = function(script, target, callback) { var externalScript; var internalScript; var i; var attribute; var code; if(hasAttribute(script, 'src')) { externalScript = document.createElement('script'); for(i = 0; i < script.attributes.length; i = i + 1) { attribute = script.attributes[i]; if(hasAttribute(script, attribute.name)) { externalScript.setAttribute(attribute.name, attribute.value); } } externalScript.text = script.text; moveScript(externalScript, target, callback); } else { internalScript = script.cloneNode(false); internalScript.text = script.text; internalScript.type = 'any'; target.appendChild(internalScript); if(hasAttribute(script, 'type')) { internalScript.setAttribute('type', script.type); } else { internalScript.removeAttribute('type'); } code = trim(internalScript.text); if(code.indexOf('<!--') === 0) { code = code.substr(4); if(code.substr(code.length - 3) === '-->') { code = code.substr(0, code.length - 3); } } (new Function(code))(); callback(); } }; moveNodes = function(source, target, callback) { var nextSource; var nextTarget; var nextStep; var clone; var scriptCount; var sourceAncestor; if(source === null) { callback(); return; } nextSource = null; nextTarget = target; nextStep = function() { moveNodes(nextSource, nextTarget, callback); }; if(source.nodeName === 'SCRIPT' && (!source.language || source.language.toLowerCase() === 'javascript') && (!source.type || trim(source.type).toLowerCase() === 'text/javascript')) { setTimeout(function() { moveScriptClone(source, target, function() { insertWritten(target, nextStep); }); }, 0); } else { clone = source.cloneNode(false); target.appendChild(clone); setTimeout(nextStep, 0); if(source.firstChild) { scriptCount = source.getElementsByTagName('script').length; if(scriptCount === 0) { if(source.nodeName === 'TABLE') { clone.outerHTML = source.outerHTML; } else { 
clone.innerHTML = source.innerHTML; } } else { nextSource = source.firstChild; nextTarget = clone; } } } if(nextSource === null) { nextSource = source.nextSibling; } sourceAncestor = source.parentNode; while(nextSource === null && sourceAncestor !== null) { nextSource = sourceAncestor.nextSibling; nextTarget = nextTarget.parentNode; sourceAncestor = sourceAncestor.parentNode; } }; insertWritten = function(target, callback) { var div; if(written.length > 0) { div = document.createElement('div'); div.innerHTML = '<br>' + written.join(''); written = []; div.removeChild(div.firstChild); moveNodes(div.firstChild, target, callback); } else { callback(); } }; load = function() { var documentWrite = document.write; var documentWriteln = document.writeln; var loadContentElement; document.write = write; document.writeln = writeln; loadContentElement = function (c) { var div = document.getElementById(content[c].id); div.innerHTML = ''; write(content[c].content); insertWritten(div, function () { content[c].loaded = true; c = c + 1; if(c < content.length) { loadContentElement(c); } else { document.writeln = documentWriteln; document.write = documentWrite; } }); }; loadContentElement(0); }; if(content.length) { if(window.addEventListener) { window.addEventListener('load', load, false); } else { if(window.attachEvent) { window.attachEvent('onload', load); } else { if(document.addEventListener) { document.addEventListener('load', load, false); } else { document.attachEvent('onload', load); } } } } } else { for(c in content) { if(content.hasOwnProperty(c)) { if(!content[c].loaded) { document.write('<div id="' + content[c].delayed + '" style="' + (content[c].width ? 'width: ' + content[c].width + 'px;' : '') + (content[c].height ? 
' height: ' + content[c].height + 'px;' : '') + ' overflow: none; display: none">' + content[c].content + '</div>'); } } } if(replaceContent(o) && update === null) { update = window.setInterval(function() { replaceContent(o); }, this.updateInterval); } } }; }; //]]> </script> <script type="text/javascript"><!-- var cl = new ML.content.contentLoader(); /* First-visit marker: scan document.cookie for an existing "visit" cookie and, if none is found, set one that expires in 24 hours. NOTE(review): the regex /^ +([^=]+)/ demands at least one leading space, but the first entry produced by document.cookie.split(";") has none, so a "visit" cookie in first position is never recognised and is simply re-set on every page load (harmless, but a bug). The cookie is also written without Secure or SameSite attributes, so it travels over plain HTTP and on cross-site requests; if the site is HTTPS-only, append "; Secure; SameSite=Lax". */ var cookies = document.cookie.split(";"), expires = new Date(); for(var c = 0; c < cookies.length; ++c) { var m = cookies[c].match(/^ +([^=]+)/); if(m && m[1] === "visit") break; } if(c === cookies.length) { expires.setTime(expires.getTime()+(24*60*60*1000)); document.cookie = "visit=" + (new Date()).getTime() + "; expires=" + expires.toGMTString() + "; path=/;"; } // --></script> <!-- https://files.phpclasses.org/css/forum.css --> <style type="text/css"> .forum-container { width: 50em; text-align: left; } .forum-message { width: 50em; overflow-x: auto; } .forum-post-comment-input { width: 40em; } .forum-post-comment-form { width: 40em; } @media (max-width: 640px) { .forum-container { width: 100%; } .forum-message { width: 100%; padding-left: 0; padding-right: 0; overflow-wrap: anywhere; } .forum-post-comment-input { width: 100%; } } </style> <script><!-- /* Frame busting: if this document is embedded in another frame, navigate the top window to it. NOTE(review): script-based frame busting can be defeated by the framing page (e.g. a sandboxed frame or a blocked navigation), so it must not be the only clickjacking defence; the robust control is an X-Frame-Options or Content-Security-Policy frame-ancestors response header, which cannot be verified from the page markup alone. */ if (top != window) { top.location = window.location; } // --></script> </head> <body> <div id="fb-root"></div> <!-- NOTE(review): the third-party ad scripts below are referenced via data-src/data-loading="lazy" rather than src, so presumably a site loader activates them later; they carry no integrity attribute, which is the norm for frequently changing ad code but means the page fully trusts those origins. --> <!-- Start AdSense page level ads --> <script async data-src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2951707118576741" crossorigin="anonymous" data-loading="lazy"></script> <!-- End AdSense page level ads --> <!-- Start of Sticky BuySellAds --> <script async data-src="//m.servedby-buysellads.com/monetization.js" data-loading="lazy"></script> <script> window.addEventListener("load", (event) => { (function () { if (typeof _bsa !== "undefined" && _bsa) { _bsa.init("stickybox", "CK7DPK3E", "placement:phpclassesorg"); } })(); }); </script> <!-- End of Sticky BuySellAds --> <div id="MainContainer"> <div id="TopLine"></div> 
loading="lazy" alt="PHP Classes" style="border: 0"></a></div> <div id="topAds"></div> </div> <div id="PageContent"> <div id="Top"> <h1>Re: PHP security exploit with GIF images</h1> <div id="subtitle"></div> </div> <div id="PageInfo"> <div class="c1025"><div id="navigation"><form style="margin: 0" action="/search.html" method="get" onsubmit="this['q'].value = this['words'].value;"> <table width="100%" style="margin-bottom: 6px; " cellpadding="4" cellspacing="0" align="center"> <tr> <td width="49.5%" style=" white-space: nowrap ; padding: 1px"> </td> <td style=" white-space: nowrap ;"><a href="/search.html">Search</a> <div class="search-input"><input type="text" name="words" size="16" placeholder="Search" style="margin-left: 5px; margin-right: 5px"> <input type="hidden" name="q"> <input type="image" src="https://files.phpclasses.org/graphics/phpclasses/search.png" align="middle" style="width: 24px; height: 24px;" alt="Search"></div></td> <td style=" white-space: nowrap ; padding: 1px"> </td> <td style=" white-space: nowrap ;"><img src="https://files.phpclasses.org/graphics/phpclasses/browse.png" width="24" height="24" loading="lazy" alt="All class groups" style="border: 0; vertical-align: middle"> <a href="/browse/">All class groups</a></td> <td style=" white-space: nowrap ; padding: 1px"> </td> <td style=" white-space: nowrap ;"><img src="https://files.phpclasses.org/graphics/phpclasses/latest.png" width="24" height="24" loading="lazy" alt="Latest entries" style="border: 0; vertical-align: middle"> <a href="/browse/latest/latest.html">Latest entries</a></td> <td style=" white-space: nowrap ; padding: 1px"> </td> <td style=" white-space: nowrap ;"><img src="https://files.phpclasses.org/graphics/phpclasses/top.png" width="24" height="24" loading="lazy" alt="Top 10 charts" style="border: 0; vertical-align: middle"> <a href="/browse/top/top.html">Top 10 charts</a></td> <td style=" white-space: nowrap ; padding: 1px"> </td> <td style=" white-space: nowrap ;"><img 
width="4%"> </td> <td class="nbgu"> </td> <td class="c499 nbtu light"><a href="/blog/">PHP Classes blog</a></td> <td class="c499 nbgu"> <b>></b> </td> <td class="c499 nbtu light"><a href="/blog/post/67-PHP-security-exploit-with-GIF-images.html">PHP security exploit ...</a></td> <td class="c499 nbgu"> <b>></b> </td> <td class="nbtu light"><a href="/discuss/blog/PHP-Classes-blog/post/67/">All threads</a></td> <td class="c640 nbgu"> <b>></b> </td> <td class="c640 nblu"><b>Re: PHP security exploit with GIF images</b></td> <td class="nbgu"> <b>></b> </td> <td class=" nbtu light"><a href="/subscribe_forum.html?blog=PHP-Classes-blog&post=67&thread=5">(Un) Subscribe thread alerts</a></td> <td width="47.5%" class="nbgu"> </td> </tr> </table> <!--/htdig_noindex--><table align="center" class="forum-message"><tr><td valign="middle"><table cellpadding="2" cellspacing="0" style="width: 100%; height: 280px"> <tr class="even"><th nowrap="nowrap" align="right" width="1%"><!--htdig_noindex-->Subject<!--/htdig_noindex-->:</th><td>Re: PHP security exploit with GIF images</td></tr> <tr class="odd" valign="top"><th nowrap="nowrap" align="right" width="1%"><!--htdig_noindex-->Summary<!--/htdig_noindex-->:</th><td>just use Apache config to defend against malicious uploads</td></tr> <tr class="even" valign="top"><th nowrap="nowrap" align="right" width="1%"><!--htdig_noindex-->Messages<!--/htdig_noindex-->:</th><td>1</td></tr> <tr class="odd"><th nowrap="nowrap" align="right" width="1%"><!--htdig_noindex-->Author<!--/htdig_noindex-->:</th><td>Emilis Dambauskas</td></tr> <tr class="even"><th nowrap="nowrap" align="right" width="1%"><!--htdig_noindex-->Date<!--/htdig_noindex-->:</th><td>2007-06-20 08:23:30</td></tr> <tr class="odd"><th nowrap="nowrap" align="right" width="1%"><!--htdig_noindex-->Update<!--/htdig_noindex-->:</th><td>2007-06-20 08:29:59</td></tr> <tr class="framed light" style="height: 99%"><td colspan="2"> </td></tr> </table> </td><td class="c640" style="width: 336px; height: 
280px" valign="top"><script type="text/javascript"><!-- cl.addContent({ content: '\x3c!-- PHPClasses-Below-The-Fold --\x3e\n\n\n\x3c!-- AdSense Below the fold --\x3e\n\x3cp\x3e \x3c\x2fp\x3e\n\x3cscript async data-src="https:\x2f\x2fpagead2.googlesyndication.com\x2fpagead\x2fjs\x2fadsbygoogle.js?client=ca-pub-2951707118576741" data-loading="lazy"\n crossorigin="anonymous"\x3e\x3c\x2fscript\x3e\n\x3c!-- PHP Classes below the fold --\x3e\n\x3cins class="adsbygoogle"\n style="display:inline-block;width:300px;height:250px"\n data-ad-client="ca-pub-2951707118576741"\n data-ad-slot="9106526349"\x3e\x3c\x2fins\x3e\n\x3cscript\x3e\n (adsbygoogle = window.adsbygoogle || []).push({});\n\x3c\x2fscript\x3e\n\x3c!-- End of AdSense DFP Below the fold --\x3e\n\n\n\x3c!-- End-PHPClasses-Below-The-Fold --\x3e\n', inline: false, width: 336, height: 280, priority: 1 }); // --></script> </td></tr></table><script type="text/javascript"> <!-- w=(window.innerWidth ? window.innerWidth : (document.body.clientWidth ? document.body.clientWidth : 0)); // --> </script> <table align="center" cellpadding="0" cellspacing="0"> <tr> <td valign="top" id="vertical_banner" style="width: 1px" class="c1025"> <script type="text/javascript"> <!-- if(1000<=w) { document.getElementById('vertical_banner').style.width='160px'; document.write('\x3cscript type="text\x2fjavascript"\x3e\x3c!--\ncl.addContent({\n content: \'\',\n inline: true,\n height: 600,\n priority: 1\n});\n\x2f\x2f --\x3e\x3c\x2fscript\x3e\n'+'\n') } // --> </script> </td> <td valign="top"><div style="overflow: auto;"> <br /> <a name="message8"></a><!--htdig_noindex--><table style="margin-bottom: 6px; " class="forum-message" cellpadding="4" cellspacing="0" align="center"> <tr> <td width="1%" class="nbgu"> </td> <td class="c499 nblu"><b>1. 
Re: PHP security exploit with GIF images</b></td> <td class="nbgu"> </td> <td class="nbtu light"><a href="/post_forum_message.html?blog=PHP-Classes-blog&post=67&message=4829">Reply</a></td> <td class="nbgu"> </td> <td class="nbtu light"><a href="/report_forum_abuse.html?blog=PHP-Classes-blog&post=67&message=4829">Report abuse</a></td> <td width="98%" class="nbgu"> </td> </tr> </table> <!--/htdig_noindex--> <div align="center"><div class="forum-container"> <div class="framed dark"><!--htdig_noindex--><img class="photo" src="https://files.phpclasses.org/picture/user/44131.jpg" width="21" height="24" alt="Picture of Emilis Dambauskas" title="Picture of Emilis Dambauskas" align="top" loading="lazy"> Emilis Dambauskas - 2007-06-20 08:29:59<!--/htdig_noindex--></div> <div class="framed light forum-message">In my opinion it is cleaner to solve this at the web-server layer: even if a PHP payload hidden inside a GIF gets past the upload filter, the server must refuse to execute anything that lives in the upload directory.<br /> <br /> Disable all script execution for the upload directory (Apache example):<br /> <br /> &lt;Directory /var/www/mysite/uploads/&gt;<br /> AllowOverride None<br /> Options -ExecCGI -Includes<br /> AddType text/plain .php .phtml .php3 .phps .pl .cgi<br /> &lt;/Directory&gt;<br /> <br /> Caveat: AddType only changes the MIME type. If PHP is wired in through AddHandler or SetHandler (typical for mod_php and php-fpm setups), that handler still fires regardless of the type, and because mod_mime considers every extension in a file name, a double-extension upload such as file.php.gif may still reach the PHP handler. In that case also switch the interpreter off for the directory, e.g. "php_admin_flag engine off" (mod_php) or "SetHandler default-handler", and verify the result by uploading a harmless test.php and checking that the server returns its source as plain text instead of running it.<br /> <br /> "AllowOverride None" makes Apache ignore .htaccess files in that tree. This matters because .htaccess is per-directory configuration, not a script: an attacker who can upload files could otherwise drop in a .htaccess that re-enables the PHP handler for the uploads directory.<br /> <br /> If you can host uploads on a separate server, do not install PHP, Perl, CGI, etc. 
on it and you'll be safe.</div> </div></div> <br> </div></td> </tr> </table> <!-- google_ad_section_end --><!-- body_end --><div class="c1025"><script type="text/javascript"><!-- cl.addContent({ content: '\x3cbr\x3e\x3cdiv align="center"\x3e\x3c!-- PHPClasses-Bottom --\x3e\n\n\x3c!-- AdSense Bottom --\x3e\n\x3cscript async data-src="https:\x2f\x2fpagead2.googlesyndication.com\x2fpagead\x2fjs\x2fadsbygoogle.js?client=ca-pub-2951707118576741" data-loading="lazy"\n crossorigin="anonymous"\x3e\x3c\x2fscript\x3e\n\x3c!-- PHP Classes Bottom --\x3e\n\x3cins class="adsbygoogle"\n style="display:inline-block;width:728px;height:90px"\n data-ad-client="ca-pub-2951707118576741"\n data-ad-slot="0161400320"\x3e\x3c\x2fins\x3e\n\x3cscript\x3e\n (adsbygoogle = window.adsbygoogle || []).push({});\n\x3c\x2fscript\x3e\n\x3c!-- End of AdSense Bottom --\x3e\n\n\n\x3c\x2fdiv\x3e', inline: false, height: 90, priority: 1 }); // --></script> </div><script type="text/javascript"><!-- cl.addContent({ content: '\n\x3c!-- Start of Google Analytics 4 --\x3e\n\x3c!-- Google tag (gtag.js) --\x3e\n\x3cscript async src="https:\x2f\x2fwww.googletagmanager.com\x2fgtag\x2fjs?id=G-BN2GRQ7TJL"\x3e\x3c\x2fscript\x3e\n\x3cscript\x3e\n window.dataLayer = window.dataLayer || [];\n function gtag(){dataLayer.push(arguments);}\n gtag(\'js\', new Date());\n\n gtag(\'config\', \'G-BN2GRQ7TJL\');\n\x3c\x2fscript\x3e\n\x3c!-- End of Google Analytics 4 --\x3e\n\n', inline: false }); // --></script> <script type="text/javascript"><!-- cl.loadContent(); // --></script> </div> <div class="BodyColumn"></div> </div> </div> </div> <div id="FooterInfo"> <div class="c1025"><div id="endnavigation"><table width="100%" style="margin-top: 6px; " cellpadding="4" cellspacing="0"> <tr> <td width="49.5%" style=" white-space: nowrap ; padding: 1px"> </td> <td style=" white-space: nowrap ;"><img src="https://files.phpclasses.org/graphics/phpclasses/user.png" width="24" height="24" loading="lazy" alt="About us" style="border: 0; 