StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POgetimagesize() on stream instead of string
primarykey
Id
8209646
data
AcceptedAnswerId
8211491
AnswerCount
2
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2011-11-21T09:24:39.163
FavoriteCount
2
LastActivityDate
2013-02-26T12:00:09.330
LastEditDate
2011-11-23T20:12:01.613
LastEditorUserId
632844
OwnerUserId
632844
ParentId
0
PostTypeId
1
Score
4
ViewCount
4214
LastEditorDisplayName
text
Body
I'm using <a href="http://valums.com/ajax-upload/" rel="nofollow">Valum's file uploader</a> to upload images with AJAX. This script submits the file to my server in a way that I don't fully understand, so it's probably best to explain by showing my server-side code: <pre><code>$pathToFile = $path . $filename; //Here I get a file not found error, because the file is not yet at this address getimagesize($pathToFile); $input = fopen('php://input', 'r'); $temp = tmpfile(); $realSize = stream_copy_to_stream($input, $temp); //Here I get a string expected, resource given error getimagesize($input); fclose($input); $target = fopen($pathToFile, 'w'); fseek($temp, 0, SEEK_SET); //Here I get a file not found error, because the image is not at the $target yet getimagesize($pathToFile); stream_copy_to_stream($temp, $target); fclose($target); //Here it works, because the image is at the desired location so I'm able to access it with $pathToFile. However, the (potentially) malicious file is already in my server. getimagesize($pathToFile); </code></pre> The problem is that I want to perform some file validation here, using getimagesize(). getimagesize only supports a string, and I only have resources available, which result in the error: getimagesize expects a string, resource given. It does work when I perform getimagesize($pathTofile) at the end of the script, but then the image is already uploaded and the damage could already have been done. Doing this and performing the check afterwards and then maybe deleting te file seems like bad practice to me. The only thing thats in $_REQUEST is the filename, which i use for the var $pathToFile. $_FILES is empty. How can I perform file validation on streams? EDIT: the solution is to first place the file in a temporary directory, and perform the validation on the temporary file before copying it to the destination directory. <pre><code>// Store the file in tmp dir, to validate it before storing it in destination dir $input = fopen('php://input', 'r'); $tmpPath = tempnam(sys_get_temp_dir(), 'upl'); // upl is 3-letter prefix for upload $tmpStream = fopen($tmpPath, 'w'); // For writing it to tmp dir stream_copy_to_stream($input, $tmpStream); fclose($input); fclose($tmpStream); // Store the file in destination dir, after validation $pathToFile = $path . $filename; $destination = fopen($pathToFile, 'w'); $tmpStream = fopen($tmpPath, 'r'); // For reading it from tmp dir stream_copy_to_stream($tmpStream, $destination); fclose($destination); fclose($tmpStream); </code></pre>
Tags
<php><ajax><file><file-upload><inputstream>
Title
getimagesize() on stream instead of string
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USThomas
UserOwnerUserId
1. USThomas
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POgetimagesize() on stream instead of string
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POgetimagesize() on stream instead of string
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POgetimagesize() on stream instead of string
 UserUserId
 USseaofinformation
 VoteTypeVoteTypeId
 VTFavorite
CommentsPostId
1. COPlease add the getimagesize code as well to your question, otherwise it's hard to answer. From your question it looks like that you have a string as well to the file and you could use the string instead of the resource-id. So would be good to know what prevents you doing so.
 singulars
 PostPostId
 POgetimagesize() on stream instead of string
 UserUserId
 UShakre
2. CODone, I hope this clarifies it a bit.
 singulars
 PostPostId
 POgetimagesize() on stream instead of string
 UserUserId
 USThomas

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.