I'm new to the filesystem from Laravel, but I need an upload script that allows users to upload images to my server. However, I'm concerned about security, so I thought, why not ask for advice.

Basically, this is how I check the user upload and how I upload the file:

My request:

    return [
        'profile_picture' => 'image',
    ];

My check if the image is actually an image and not some bad malware:

    function checkIfImageIsAllowed($file) {
        $allowedMimes = [
            'image/jpeg',
            'image/jpg',
            'image/png'
        ];
        $allowedExtensions = [
            'jpg',
            'JPG',
            'jpeg',
            'png'
        ];
        $allowedMaxSize = 2000000; // bytes

        // getClientOriginalExtension() is taken from the filename the client sent;
        // getMimeType() is guessed from the file's contents on the server.
        if (!in_array($file->getClientOriginalExtension(), $allowedExtensions)
            || !in_array($file->getMimeType(), $allowedMimes)
            || $file->getSize() > $allowedMaxSize) {
            return false;
        }
        return true;
    }

And then I upload the file:

    $path = $request->file('profile_picture')->store('UserUpload/Images');

This is how I display the image:

    $images = \App\Image::where('uuid', $uuid)->firstOrFail();
    $path = $images->path;
    $image = Storage::get($path);
    $response = Response::make($image, 200);
    $response->header("Content-Type", $images->memeType);
    return $response;

What are your thoughts about this? Do you think this is secure enough? Or do you have some improvements for this?
Thank you!
via Chebli Mohamed
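
An added example, not part of the original post: the same three checks (type, extension, size) made only from the file's bytes in plain PHP, with the stored extension chosen by the server rather than read from the client-supplied filename. The helper name `inspectUploadedImage()` and the pixel limit are assumptions for illustration, and the two sample files are constructed inline.

```php
<?php
// Added example, plain PHP (needs the fileinfo extension). Hypothetical helper.
// Every decision is made from the file's bytes; the client-supplied
// filename and Content-Type are never consulted.

const ALLOWED_IMAGE_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png']; // MIME => stored extension
const MAX_IMAGE_BYTES = 2000000; // same limit as in the post
const MAX_IMAGE_SIDE = 4096;     // assumed pixel limit, not from the post

/** Returns ['mime' => ..., 'extension' => ...] for an accepted file, or null to reject it. */
function inspectUploadedImage(string $path): ?array
{
    $size = @filesize($path);
    if ($size === false || $size === 0 || $size > MAX_IMAGE_BYTES) {
        return null;
    }
    // MIME type sniffed from the content, not from the upload metadata.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_IMAGE_TYPES)) {
        return null;
    }
    // The header must also parse as an image of that same type.
    $info = @getimagesize($path);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }
    [$width, $height] = $info;
    if ($width < 1 || $height < 1 || $width > MAX_IMAGE_SIDE || $height > MAX_IMAGE_SIDE) {
        return null;
    }
    // The extension to store under comes from the allowlist, never from the client.
    return ['mime' => $mime, 'extension' => ALLOWED_IMAGE_TYPES[$mime]];
}

// Constructed sample inputs: a 1x1 PNG and a text file posing as an image.
$png = tempnam(sys_get_temp_dir(), 'img');
file_put_contents($png, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
));
$text = tempnam(sys_get_temp_dir(), 'img');
file_put_contents($text, "plain text saved under the name avatar.png\n");

var_dump(inspectUploadedImage($png));  // accepted: array with mime and extension
var_dump(inspectUploadedImage($text)); // rejected: NULL
unlink($png);
unlink($text);
```

The MIME type returned for an accepted file is the value to store and later send as `Content-Type`, so the response header never depends on anything the uploader typed.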