After reading some articles about this security issue. I had tried out and tested it by myself. And I found that the PHP-function getimagesize() had failed in validating the "crafted GIF image"(i.e. the Gif that embeded PHP codes).
This may cause the serious security problems to those web systems which only depend on getimagesize() for validating the images. Anyway, such problem shouldn't be an issue, when we accept only those images with valid extensions to be uploaded.
Generally, the security problems are rarely come from the PHP Language itself, but it depends on how the coders writing their codes!
From Yinkc
devland.webstrait.com/?p=7
Yin Kok Chong - 2007-06-24 21:41:41
