August 31, 2008
PHP
Due to the recent number of "Spam" comments received on this blog, I have been forced to implement the restriction that all users must be registered and logged in before they can submit comments. Sorry for any inconvenience; once again you can thank the spamming scum of the world who do their best to ruin the internet for the rest of us.
August 17, 2008
PHP
I recently downloaded and installed the Community Edition (i.e., free) of the Aptana Studio IDE, which includes a PHP plug-in. My initial impression is a good one, and at some point I'll probably write a review here; but for now I just wanted to report on a problem I encountered and the very simple fix that resolved it.
The issue was that when I clicked on the File -> New... menu selection, it listed options for several types of files to create (HTML, JavaScript, CSS, etc.), but there was no option for a new PHP file. This causes two problems: you cannot then have it start with your desired template PHP text, plus the editor does not start in what I'll call a "PHP mode" where features like syntax highlighting and parse error checking work.
August 5, 2008
PHP
I just saw this post by "jazz_snob" posted at PHPBuilder.com, suggesting a means to secure untrusted image files. The basic idea is to use PHP's GD image functions to create a copy of the file. As doing so would decompose the specified file into GD's native bitmap format, and then recompose it into the desired image file type, any embedded "nastiness" within the original file ought to be left behind. It could be implemented as a function, something like:
<?php
/**
 * Copy an image to help ensure it is not "infected"
 * @author Charles Reace (www.charles-reace.com)
 * @param string $filePath path to image file to be copied
 * @return resource GD image resource, boolean false if error
 */
function secureImage($filePath)
{
    // Reads the image header; returns false if the file is not a recognizable image
    $sizeData = getimagesize($filePath);
    if($sizeData === false)
    {
        user_error(__FUNCTION__ . "(): Unable to get image data");
        return false;
    }
    // 'mime' looks like "image/gif"; keep only the subtype
    list($unused, $type) = explode('/', $sizeData['mime']);
    switch($type)
    {
        case 'gif':
            $fh = imagecreatefromgif($filePath);
            break;
        case 'png':
            $fh = imagecreatefrompng($filePath);
            break;
        case 'jpeg':
            $fh = imagecreatefromjpeg($filePath);
            break;
        default:
            user_error(__FUNCTION__ . "(): Unsupported image type '$type'");
            return false;
    }
    // GD image in memory, or false if the file could not be decoded
    return $fh;
}
// Sample usage:
$fh = secureImage('bg.gif');
if(!$fh)
{
    header('HTTP/1.0 404 Not Found');
    exit;
}
header('Content-Type: image/gif');
// Encode a fresh GIF from GD's bitmap instead of sending the original bytes
imagegif($fh);
If any of you readers happens to have access to an "infected" image file and a safe sandbox where you could test the above, I'd be very interested to know if it does, in fact, filter out the non-image virus or whatever is embedded, or at the very least reject it with an error.
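One way to turn the idea above into an upload filter, as an added example that is not the blog author's code: it writes the re-encoded copy to a new file, takes the type from the IMAGETYPE_* value that getimagesize() detects, and caps the pixel count before GD decodes anything. The names reencodeImage() and MAX_PIXELS, the 25-megapixel limit and the sample file are assumptions.

```php
<?php
// Added example, not from the original post.
// Assumed names: reencodeImage(), MAX_PIXELS; the sample file is constructed.
const MAX_PIXELS = 25000000; // assumed cap to bound GD memory use

function reencodeImage(string $srcPath, string $destPath)
{
    // Index 2 is the IMAGETYPE_* constant detected from the file contents,
    // not from the client-supplied file name or Content-Type.
    $info = @getimagesize($srcPath);
    if ($info === false) {
        return false;
    }
    [$width, $height, $type] = $info;
    if ($width < 1 || $height < 1 || $width * $height > MAX_PIXELS) {
        return false; // reject before GD allocates the bitmap
    }
    $codecs = [
        IMAGETYPE_GIF  => ['imagecreatefromgif',  'imagegif',  'image/gif'],
        IMAGETYPE_PNG  => ['imagecreatefrompng',  'imagepng',  'image/png'],
        IMAGETYPE_JPEG => ['imagecreatefromjpeg', 'imagejpeg', 'image/jpeg'],
    ];
    if (!isset($codecs[$type])) {
        return false; // anything outside the allow-list is refused
    }
    [$load, $save, $mime] = $codecs[$type];
    $img = @$load($srcPath); // decode to GD's in-memory bitmap
    if ($img === false) {
        return false; // header looked valid, body did not decode
    }
    if ($type === IMAGETYPE_PNG) {
        imagesavealpha($img, true); // keep PNG transparency in the copy
    }
    // Encode a fresh file; returns the MIME type to serve it with, or false
    return $save($img, $destPath) ? $mime : false;
}

// Constructed self-check: a 2x2 PNG with a text marker appended after the image data.
$src = tempnam(sys_get_temp_dir(), 'in');
$dst = tempnam(sys_get_temp_dir(), 'out');
imagepng(imagecreatetruecolor(2, 2), $src);
file_put_contents($src, '<!-- constructed trailing marker -->', FILE_APPEND);
var_dump(reencodeImage($src, $dst));
var_dump(strpos(file_get_contents($dst), 'constructed trailing marker'));
unlink($src);
unlink($dst);
```

Re-encoding drops bytes that sit outside the decoded pixel data, such as trailing data and metadata; it says nothing about the pixels themselves. Store the copy under a generated name, outside any directory where the server executes scripts, and serve it with the returned MIME type.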