Safe image uploading with PHP

I want my site to have a feature for users to upload images, but I want to do it safely. Namely, I want to strip the EXIF data and any malicious code that could be in their image. I was thinking of a way to do this involving direct manipulation of the file, but 开发者_如何学Cit struck me, would it make more sense to just convert the image they provide to BMP and then convert that back to the original format? It would suffer a generational loss, but I believe that would meet my project's requirements. BMP doesn't contain EXIF, does it? And the reprocessing should strip any malicious content.

---

It wouldn't even have to be BMP: You could use PHP's GD functions, open the image using imagecreatefrom[xyz], copy it unresized, and write it back out in the original format.

That should be pretty watertight, save for the remote (and negligeable) possibility of course that a vulnerability is one day discovered in GD itself.

Limitations and caveats I can think of:

• Images with transparency may be an issue, especially transparent GIFs would probably require special treatment (allocating the transparent colour in the new image etc., not sure)

• Animated GIFs would be destroyed this way, GD can't deal with them

• This method would be limited by PHP's memory limit (you'll need at least {image width} x { image height } x 3 bytes for the resize operation)

• More exotic sub-formats like progressive JPG, CMYK JPG may cause trouble, but that's okay IMO - the latter woulnd't show in IE anyway