samayo / bulletproof Goto Github PK

commonFileUploadErrors() fails pre 5.4. It would be nice to have it work properly in earlier versions for older websites.

Hello. I try to use this lib with example from main page. I get error:

Fatal error: Call to a member function getLocation() on null in /opt/lampp/htdocs/bb/vendor/samayo/bulletproof/src/bulletproof.php on line 479

And 479 line:

$location = $this->setLocation()->getLocation();

Any one has the same problem?

I want to allow SVG file upload and it won't allow me to.

Hello!

I am attempting to setup just the example you have in the readme. When viewing the page I get a PHP error, "unexpected '[' in bulletproof.php on line 91". Looking at that line I am not seeing any syntax errors.

I am running this with PHP 5.3. Is there any minimum system requirements for this script to work?

Hi,

I try to resize my picture with the new size = 200x200px
If i got a bigger picture, all work fine, but on a small picture 186x102, with the upsize param = true, i don't get a picture at the expected 200x109 mimension, but the same image at 186x102, the dimension is inchanged.

What am i missing ? for me the upscale parameter should strech my picture on width axis or height axis.

Thank you for your help

Hello,

I've come across an article on internet: https://imperavi.com/redactor/docs/security/

There is a section about image file type detection.

What do you think about this function?

function is_image($image_path)
{
    if (!$f = fopen($image_path, 'rb'))
    {
        return false;
    }

    $data = fread($f, 8);
    fclose($f);

    // signature checking
    $unpacked = unpack("H12", $data);
    if (array_pop($unpacked) == '474946383961' 
    || array_pop($unpacked) == '474946383761') return "gif";

    $unpacked = unpack("H4", $data);
    if (array_pop($unpacked) == 'ffd8') return "jpg";
    $unpacked = unpack("H16", $data);
    if (array_pop($unpacked) == '89504e470d0a1a0a') return "png";

    return false;
}

Maybe you can add into your library?

Hello, love the basic features of the class, they work fine!

But having issues with the shrinking side of things.

I want to resize all images (if larger than 1000px in width) to a max width of 1000px.

I cant find any information or examples on how to shrink in ratio?

e.g. using this:

if($_FILES){
echo $bulletProof
->uploadDir("../phpLibs/bulletproof-master/src/userBuildImages")
->limitSize(array("min"=>1000, "max"=>50000000)) // limit image size (in bytes)
->shrink(array("width"=>1000, "height"=>1000, "shrinkRatio"=>true))
->upload($_FILES['picture']);
}

This shrinks the image to 1000 x 1000 but not sure on how to only give a shrink width and then have the height shrink in ratio.

Thanks. Craig.

Is it possible with bulletproof?

The form in the example allows selection of non-image files. Since the uploader works with images by default, it is better to set accept="image/*", as shown:

<input type="file" name="pictures" accept="image/*"/>

Considered as an enhancement.

I keep getting this error

string(45) "Image is larger than specified by the browser"

What should that mean? By the way, not sure if correct but I noticed that I have to chmod image folder 777, don't know why 755 doesn't work.

Also my site is protected all of it by lets encrypt ssl, don't know if that has a role to play as well in any possible errors

my code

<? require('common/session.php');
 require "common/vendor/samayo/bulletproof/src/utils/func.image-resize.php";
$image = new Bulletproof\Image($_FILES);
$image->setMime(array('jpeg', 'gif', 'png', 'jpg'))
    ->setLocation(__DIR__ . "/avatars");


if (isset($_POST['submit'])){
filter_var_array($_POST, FILTER_SANITIZE_STRING);
    $data = $_POST['data'];
    $cdata = $_POST['cdata'];
    $data['email'] = strtolower(preg_replace('/\s+/', '', $data['email']));
    $cdata['email'] = strtolower(preg_replace('/\s+/', '', $cdata['email']));
    $data['phone'] = preg_replace('/\s+/', '', $data['phone']);
    $cdata['phone'] = preg_replace('/\s+/', '', $cdata['phone']);
    $data['deleted']  = 0;
    $cdata['deleted'] = 0;



$image->setMime(array('jpeg', 'gif', 'png', 'jpg'))
      ->setLocation(__DIR__ . "/avatars");
    
    
    if($image["photo"]){
    
        
        $upload = $image->upload(); 
        
        if($upload){
            $resize = Bulletproof\resize(
                $image->getFullPath(), 
                $image->getMime(),
                $image->getWidth(),
                $image->getHeight(),
                120,
                120
         );
            $data['photo'] = $upload->getName() . '.' . $upload->getMime();    

        }else{
          echo "error while uploading " . $image['error'];
            $data['photo'] = '';
        }



} else{
  if($image['error']){
    $data['photo'] = '';
    var_dump($image['error']);
  }

  
} 





  
  $company = $db->company->create($cdata);
       $company->save();               
     $user = $db->user->create($data);
     $user->relate($company);
     $user->save();
}
//header("Location:index.php");
//exit;

is it possibel to intergreate bulletproof into a mvc app?

Im rather unfamiliar with controllers and models.

Hello, I am uploading an image more than the max size, and it shows a blank page instead of an error.

Below is my code in the form:

<form enctype="multipart/form-data" method="post" action="imageupload.php">
    <input type="hidden" class="form-control" name="MAX_FILE_SIZE" value="5000000"/> //For 5MB
    <input type="file" name="pictures" id="fileToUpload" />
    <button type="submit" class="btn btn-info btn-fill pull-right">Update</button>
    <div class="clearfix"></div>                                    
</form>

And imageupload.php is as below:

<?php
require_once  "bulletproof/src/bulletproof.php";
try{
    $image = new Bulletproof\Image($_FILES);
    $image->setName(time());
    $image->setLocation('images/');
    if($image["pictures"]){
        $upload = $image->upload(); 
        if($upload){
            header("Location:form.php?success=Image uploaded successfully");
        }
        else
        {
            $errormsg=$image['error'];
            header("Location:form.php?failure=$errormsg");
        }
    }
}
catch(\Exception $e)
{
echo $e->getMessage(); 
}
?>

As you can see, here I have used a limit of 5MB for the images, but when I try to upload an image more than 5MB, it shows no error, just blank page.

Then I kind of played with the code, and found out that, whenever we upload images more than the limit, it goes to the else of if($image["pictures"]) which is not written in the readme. I can simply make the else with a message that "Error: The file size is more than 5MB".

But I want to know, if there is any other way we can detect if the image is more than 5MB and give a message according to that which is already included in the bulletproof features.

Hi, it's me again,

currently not use it on my project but I think I need to tell you that there is NULL returned when calling to getMime. Thanks

Hi,

You use the same $image-variable for the image path parameter and for imagecreatefromstring() and this can cause the rezise to fail with a warning:

Warning: imagejpeg(): supplied resource is not a valid stream resource in

I simply changed lines 42-55 to fix this:

$imageFromString = imagecreatefromstring($imgString);
$tmp = imagecreatetruecolor($newWidth, $newHeight);
imagecopyresampled(
    $tmp,
    $imageFromString,
    0,
    0,
    0,
    0,
    $newWidth,
    $newHeight,
    $imgWidth,
    $imgHeight
);

Why $image->getName() doesn't get the file extension?!

Maybe you can create getNameWithExtension() or similar.

I guess you wanted to add more entropy for id generator there, but ended up adding 1's in the beginning of file names. If so, should be uniqid('', true) instead.

See the manual for details.

As the topic says.

Im not the only one experiencing this problem: http://stackoverflow.com/questions/5301006/image-getting-rotated-automatically-on-upload/5301280#5301280

And it maybe so that i have found a solution: http://se1.php.net/manual/en/function.exif-read-data.php#110894

But unfortunately, i don't know how to implement this piece of code.

While the referencing of that specific Bible verse is actually pretty interesting in this context, it's important for both open source and commercial projects that external libraries have legally enforceable licenses.

Please consider adding an actual license to this project. The MIT license is very short and seems to match your intent, for example.

It'd be great if there was an override for the mime-based extension, as certain browsers seem to upload files as .jpeg not .jpg (even when uploading a .jpg file) which causes the output file to be also named filename.jpeg.

It'd be preferable if there wasn't a separate manipulation step I have to do before using the image. Either an override to force a specific extension, or an assumption that .jpg is what is used when a .jpeg is uploaded. I imagine this would be also useful for .tif/.tiff images as well.

Hi,

As a really newbie, I would like to ask if there is any way to upload multiple images..

Is there any example ?

Thanks!

https://security.stackexchange.com/questions/235/what-steps-should-be-taken-to-validate-user-uploaded-images-within-an-applicatio/3016#3016

Because of GIFAR, XSS, and File Inclusion
Additionally, not as a technical security concern, but as a meatspace security concern, it'd be nice for it to be stripping exif things like geocodes.

Hi,
Nice project. FYI, Just try it on my API project and use the original error message when parsing it to JSON. Got "Bad String" on invalid image dimension error message.

Will be a bad string in JSON because of backslash:
"message":"Image height/width should be less than ' 1000 \ 1000 ' pixels"

Just change it to forwardslash to be acceptable in JSON format:
"message":"Image height/width should be less than ' 1000 / 1000 ' pixels"

is there any reason why you use the backslash?

Thanks.

If i use the resize function the url i get is:

imagename.png/var/www/www.example.com/images

When i don't use the resize function i get:

/var/www/www.example.com/images/imagename.png

There's a small typo in a comment (line 27) in the image resize function.
It says "// If the given width is larger then the image height, then resize it."
Probably should say "// If the given width is larger then the image width, then resize it."

Seems the $image["pictures"] doesn't exist.

Hi!

Just notice that:

// set max width/height limits (in pixels)
$image->setDimension($width, $height); 

Seems to be

// set max width/height limits (in pixels)
$image->setDimension($height, $width); 

I have a image with the following settings

And i had to change the order to

// set max width/height limits (in pixels)
$image->setDimension('960', '1080'); 

Thanks!

Or should i make a pull request?

The correspondent code should be like this:

        /* check image size based on the settings */
        if ($files["size"] < $minSize || $files["size"] > $maxSize) {
            $min = intval($minSize / 1000) ?: 1;
            $max = intval($maxSize / 1000) ?: 1;
            $image->error = "Image size should be at least " . $min . " kB, and no more then " . $max . "kB";
            return null;
        }

\nNotice: Undefined index: / in /usr/share/nginx/html/models/bulletproof.php on line 316
\nFatal error: Uncaught exception 'ImageUploader\\ImageUploaderException' with message '' in /usr/share/nginx/html/models/bulletproof.php:696\nStack trace:\n#0 /usr/share/nginx/html/upload.php(57): ImageUploader\\BulletProof->upload()\n#1 {main}
\nStrict Warning: It is not safe to rely on the system's timezone settings. Please use the date.timezone setting, the TZ environment variable or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/share/nginx/html/models/config.php on line 9
\nNotice: Read error! in /usr/share/nginx/html/models/bulletproof.php on line 197
\nFatal error: Uncaught exception 'ImageUploader\\ImageUploaderException' with message ' This is not allowed file type!\n             Please only upload ( jpg, gif, png, jpeg ) file types' in /usr/share/nginx/html/models/bulletproof.php:705\nStack trace:\n#0 /usr/share/nginx/html/upload.php(57): ImageUploader\\BulletProof->upload()\n#1 {main}

it also throws other imaginary errors.

So I am trying to resize the pic and also save original dimension, how is this accomplished?

Can you show me an example?

I will really appreciate it..

Fatal error: Namespace declaration statement has to be the very first statement in the script in C:\xampp\htdocs\project\lib\ImageUploader.php on line 4

I seriously don't know what the problem is, I've tried with includes, requires, direct link and nothing works, what might be the problem?

Looking at the source code there are 3 lines:

<_br />
<b>Fatal error</b>: Namespace declaration statement has to be the very first statement in the script in <b>C:\xampp\htdocs\project\lib\ImageUploader.php</b> on line <b>4</b><_br />

Hey!

I'm fairly certain it is possible to upload pdf files with bulletproof. But I can't seem to at all. In fact, I can't seem to upload any files other than .jpg files. I've used the setMime attribute to set it specifically to pdfs but no avail. And I'm using the correct code and all (or of course it wouldn't allow me to upload jpgs.

require_once  "path/to/bulletproof.php";

$image = new Bulletproof\Image($_FILES);

if($image["pictures"]){
$upload = $image->upload(); 

if($upload){
    echo $upload->getFullPath(); // uploads/cat.gif
}else{
    echo $image["error"]; 
}
}

What could the problem be you think? It befuddles me all this.

I have been using BulletProof as part of a larger project I am working on. The early tests I carried out with it had the image upload to the correct folder and all was good.

Now, however, I keep seeing the same problem - the getFullPath() method returns the path followed by a dot. As far as I can see the name and mime are not being provided. BulletProof is not reporting any errors (the getError() method returns FALSE) so I am at a bit of a loss as to what is going on.

I am getting the height, width and size so something is working but the name and mime are missing.

I think Crop need small improvement - cause now its only croping and mostly missing the needed content - here what i did - 1st thing is to resize as close to the needed size - most important we have to check out which value is bigger width or height, then we may crop - so most of the content remains

Check it out - small change but i think good one.

Here is the code

function crop($image, $mimeType, $imgWidth, $imgHeight, $newWidth, $newHeight){

switch ($mimeType) {
    case "jpg":
    case "jpeg":
        $imageCreate = imagecreatefromjpeg($image);
        break;

    case "png":
        $imageCreate = imagecreatefrompng($image);
        break;

    case "gif":
        $imageCreate = imagecreatefromgif($image);
        break;

    default:
        throw new \Exception(" Only gif, jpg, jpeg and png files can be cropped ");
        break;
}


$thumb_width = $newWidth;
$thumb_height = $newHeight;

$width = $imgWidth;
$height = $imgHeight;

$original_aspect = $width / $height;
$thumb_aspect = $thumb_width / $thumb_height;

if ( $original_aspect >= $thumb_aspect )
{
    // If image is wider than thumbnail (in aspect ratio sense)
    $new_height = $thumb_height;
    $new_width = $width / ($height / $thumb_height);
}
else
{
    // If the thumbnail is wider than the image
    $new_width = $thumb_width;
    $new_height = $height / ($width / $thumb_width);
}

$thumb = imagecreatetruecolor( $thumb_width, $thumb_height );

// Resize and crop
imagecopyresampled($thumb,
$imageCreate,
0 - ($new_width - $thumb_width) / 2, // Center the image horizontally
0 - ($new_height - $thumb_height) / 2, // Center the image vertically
0, 0,
$new_width, $new_height,
$width, $height);

if (!$thumb) {
    throw new \Exception("Failed to crop image. Please pass the right parameters");
} else {
    imagejpeg($thumb, $image);
}

}

Br

vagrant@vagrant-ubuntu-trusty-64:/vagrant$ php composer.phar require "bullet-proof/image-uploader"
Using version ~1.4 for bullet-proof/image-uploader
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)

• Installing bullet-proof/image-uploader (1.4)
  Downloading: connection... Failed to download bullet-proof/image-uploader from dist: The "https://api.github.com/repos/bivoc/bulletproof/zipball/fab4fca10bb7c341767904d60d37297
  5eecfba16" file could not be downloaded (HTTP/1.1 404 Not Found)
  Now trying to download from source

shouldn't this say watermark instead of resize?

Watermark

// require the watermark function
require 'src/utils/func.image-watermark.php';

// the image to watermark
$logo = 'my-logo.png'; 
// where to place the watermark
$position = 'center'; 
// get the width and heigh of the logo
list($logoWidth, $logoHeight) = getimagesize($logo);

if($upload){
	$resize = Bulletproof\resize(
		$upload->getFullPath(), 
		$upload->getMime(),
		$upload->getWidth(),
		$upload->getHeight(),
		$logo, 
		$logoHeight, 
		$logoWidth, 
		$position		
	);
}

Hi , I'm working with your class .
I just noticed , the upload method check the dimension of the image.
But the minHeight and minWidth - is checked by static value. (4)

    if($image->height < 4 || $image->width < 4){
        $image->error = "Invalid! Image height/width is too small or maybe corrupted"; 
        return ;
    }

It would be possible to extend the method setDimension?
setDimension ( $maxWidth , $maxHeight , $minWidth , $minHeight ) ;

if($image->height < $minHeight || $image->width < $minWidth ) {
  $image->error = "Invalid! Image height/width is too small or maybe corrupted"; 
  return ;
 }

This would be more flexible for daily work .

Best regards Thomas

Hi,

Very nice plugin. There is an error on the "exif_imagetype" function not found, if the module is not actif in your php.ini file.

I thin you shoud made a check on "var_export(extension_loaded('exif'));" if it's "false", then show a more prettier error message.

Don't you think ?

Keep up the good work.

The default permission for mkdir is 0666 (see the code), i.e. rw- for the owner. It doesn't allow neither create files nor move them there from a temporary directory. The correct permission seems should be 0766.

How to reproduce the bug

In the example code insert the line which changes the location, as shown:

$image = new Bulletproof\Image($_FILES);
$image->setLocation('/var/tmp/bulletproof'); // or /tmp/bulletproof

Then try to upload a file. You'll get the error Upload failed, Unknown error occured (btw, occured should be changed to occurred). Check the directory permission:

ls -l /var/tmp
> drw-r--r-- 2 www-data www-data   4096 Sep  4 18:10 bulletproof

Well, I am back with another error.

I was trying to get the type of the file using $image->getMime();

And I get blank all the time instead of jpeg or gif or any other image format.

Can you check what is the problem with this version?

I keep getting

Notice: Undefined index: tmp_name in /opt/lampp/htdocs/web/emall/production/app/vendor/samayo/bulletproof/src/bulletproof.php on line 413

Would love to see this functionality with your script. Very helpful, thank you!

Hi

It will do compress images by given value?

When i upload .jpg file then i save
$upload->getFilename()

i got this record 159ca9696c8d3a_mgjlfhekiqnop.jpeg

but on filesystem, 159ca9696c8d3a_mgjlfhekiqnop.jpg

is it possible to keep the transparency on a gif or png on a resize? as it seems to get filled with black when i do it.

So when I try uploading via mobile i get taken to upload.php as usual. Which contains my upload code. Then I get

Image does not exist

I'm not sure what this means, when clearly the image is passing through.

Hi
i am testing your Bulletproof/Image Class and it works like a charme, a very nice tool, thank you very much for it :)

I am new to github so i hope i posted this in the right section.

Wish you a nice weekend.

• getMime() should return in image/type format, and add getExt() to return only the ext
• add exif extension requirement in composer.json
• fix travis issue with php version 5.3 requirement.
• refractor upload() method / the upload() method contains ~10 lines of variable to array assignment which can be handled with just two lines of codes, if used array_combine.
• decrease minimum image-pixel requirement to 2px (for image validation)

getMime isn't working.
always returns an error even tho it is a correct format i am uploading.

if($image->getMime() == "jpeg" || $image->getMime() == "jpg" || $image->getMime() == "png" || $image->getMime() == "gif"){
                //all good
            }else{
              $formerror[]='Invalid file format for logo';
            }

Per https://github.com/simon-eQ/BulletProof/blob/master/BulletProof.php#L116 $_SERVER['HTTP_ACCEPT'] has nothing to do with server capabilities, but rather what the user-agent is capable of accepting.

This check if outright wrong, and should be removed. Any HTTP_* server variable is retrieved from the HTTP request by the user agent.