blocks|key|250879|text|要做到这一点，一种方法是从base64数据实际创建一个图像文件，然后用PHP验证图像本身。也许有一种更简单的方法可以做到这一点，但这种方法肯定会起作用。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|250880|请记住，这只对PNG有效，如果你计划允许更多的文件类型(GIF，JPG)，你需要添加一些逻辑。|250881|<?

$base64+=+"[insert+base64+code+here]";
if+(check_base64_image($base64))+{
++++print+'Image!';
}+else+{
++++print+'Not+an+image!';
}

function+check_base64_image($base64)+{
++++$img+=+imagecreatefromstring(base64_decode($base64));
++++if+(!$img)+{
++++++++return+false;
++++}

++++imagepng($img,+'tmp.png');
++++$info+=+getimagesize('tmp.png');

++++unlink('tmp.png');

++++if+($info[0]+>+0+&&+$info[1]+>+0+&&+$info['mime'])+{
++++++++return+true;
++++}

++++return+false;
}

?>|code-block|syntax|javascript|250882|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|L|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|M|8|@]|9|@]|A|$G|H]]|$1|I|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|J|$]]

One way of doing this would be to actually create an image file from the base64 data, then verify the image itself with PHP. There might be a simpler way of doing this, but this way should certainly work.

Keep in mind that this only really works for PNGs, you'll need to add some logic if you're planning on allowing more file types (GIF, JPG).

<pre><code>&lt;?

$base64 = "[insert base64 code here]";
if (check_base64_image($base64)) {
 print 'Image!';
} else {
 print 'Not an image!';
}

function check_base64_image($base64) {
 $img = imagecreatefromstring(base64_decode($base64));
 if (!$img) {
 return false;
 }

 imagepng($img, 'tmp.png');
 $info = getimagesize('tmp.png');

 unlink('tmp.png');

 if ($info[0] &gt; 0 &amp;&amp; $info[1] &gt; 0 &amp;&amp; $info['mime']) {
 return true;
 }

 return false;
}

?&gt;
</code></pre>

blocks|key|467572|text|function+RetrieveExtension($data){
++++$imageContents+=+base64_decode($data);

++++//+If+its+not+base64+end+processing+and+return+false
++++if+($imageContents+===+false)+{
++++++++return+false;
++++}

++++$validExtensions+=+['png',+'jpeg',+'jpg',+'gif'];

++++$tempFile+=+tmpfile();

++++fwrite($tempFile,+$imageContents);

++++$contentType+=+finfo_file(finfo_open(FILEINFO_MIME_TYPE),+$tempFile);

++++fclose($tempFile);

++++if+(substr($contentType,+0,+5)+!==+'image')+{
++++++++return+false;
++++}

++++$extension+=+ltrim($contentType,+'image/');

++++if+(!in_array(strtolower($extension),+$validExtensions))+{
++++++++return+false;
++++}

++++return+$extension;
}|type|code-block|depth|inlineStyleRanges|entityRanges|data|syntax|javascript|467573|unstyled|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|G|8|@]|9|@]|A|$B|C]]|$1|D|3|-4|5|E|7|H|8|@]|9|@]|A|$]]]|F|$]]

<pre><code>function RetrieveExtension($data){
 $imageContents = base64_decode($data);

 // If its not base64 end processing and return false
 if ($imageContents === false) {
 return false;
 }

 $validExtensions = ['png', 'jpeg', 'jpg', 'gif'];

 $tempFile = tmpfile();

 fwrite($tempFile, $imageContents);

 $contentType = finfo_file(finfo_open(FILEINFO_MIME_TYPE), $tempFile);

 fclose($tempFile);

 if (substr($contentType, 0, 5) !== 'image') {
 return false;
 }

 $extension = ltrim($contentType, 'image/');

 if (!in_array(strtolower($extension), $validExtensions)) {
 return false;
 }

 return $extension;
}
</code></pre>

blocks|key|467623|text|由于我没有足够的点数来评论，所以我发布了thewebguy代码的更新版本。这是为那些托管在Heroku等服务上的人准备的，在这些服务中，你不能存储图像。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|467624|向Pekka指出流包装器的功劳(Pekka's+answer)|offset|length|467625|这段代码假设您从PHP+Example+on+Stream+Wrapper实现了类和流包装器|467626|<?

$base64+=+"[insert+base64+code+here]";
if+(check_base64_image($base64))+{
++++print+'Image!';
}+else+{
++++print+'Not+an+image!';
}

function+check_base64_image($base64)+{
++++$img+=+imagecreatefromstring(base64_decode($base64));
++++if+(!$img)+{
++++++++return+false;
++++}

++++ob_start();
++++if(!imagepng($img))+{

++++++++return+false;
++++}
++++$imageTemp+=+ob_get_contents();+
++++ob_end_clean();

++++//+Set+a+temporary+global+variable+so+it+can+be+used+as+placeholder
++++global+$myImage;+$myImage+=+"";

++++$fp+=+fopen("var://myImage",+"w");
++++fwrite($fp,+$imageTemp);
++++fclose($fp);++++

++++$info+=+getimagesize("var://myImage");
++++unset($myvar);
++++unset($imageTemp);

++++if+($info[0]+>+0+&&+$info[1]+>+0+&&+$info['mime'])+{
++++++++return+true;
++++}

++++return+false;
}

?>|code-block|syntax|javascript|467627|我希望这对某些人有帮助。|467628|entityMap|0|LINK|mutability|MUTABLE|url|https://stackoverflow.com/questions/2207095/get-image-mimetype-from-resource-in-php-gd|1|http://php.net/manual/en/stream.streamwrapper.example-1.php^0|0|G|E|0|0|8|T|1|0|0|0^^$0|@$1|2|3|4|5|6|7|Y|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|Z|8|@]|9|@$D|10|E|11|1|12]]|A|$]]|$1|F|3|G|5|6|7|13|8|@]|9|@$D|14|E|15|1|16]]|A|$]]|$1|H|3|I|5|J|7|17|8|@]|9|@]|A|$K|L]]|$1|M|3|N|5|6|7|18|8|@]|9|@]|A|$]]|$1|O|3|-4|5|6|7|19|8|@]|9|@]|A|$]]]|P|$Q|$5|R|S|T|A|$U|V]]|W|$5|R|S|T|A|$U|X]]]]

Since I don't have enough points to comment, I am posting an updated version of thewebguy's code. This is for people hosting on services such as Heroku where you can't store images. 

The credit for pointing out stream wrapper to Pekka
(<a href="https://stackoverflow.com/questions/2207095/get-image-mimetype-from-resource-in-php-gd">Pekka's answer</a>)

This code assumes you implement the class and stream wrapper from:
<a href="http://php.net/manual/en/stream.streamwrapper.example-1.php" rel="nofollow noreferrer">PHP Example on Stream Wrapper</a>

<pre><code>&lt;?

$base64 = "[insert base64 code here]";
if (check_base64_image($base64)) {
 print 'Image!';
} else {
 print 'Not an image!';
}

function check_base64_image($base64) {
 $img = imagecreatefromstring(base64_decode($base64));
 if (!$img) {
 return false;
 }

 ob_start();
 if(!imagepng($img)) {

 return false;
 }
 $imageTemp = ob_get_contents(); 
 ob_end_clean();

 // Set a temporary global variable so it can be used as placeholder
 global $myImage; $myImage = "";

 $fp = fopen("var://myImage", "w");
 fwrite($fp, $imageTemp);
 fclose($fp); 

 $info = getimagesize("var://myImage");
 unset($myvar);
 unset($imageTemp);

 if ($info[0] &gt; 0 &amp;&amp; $info[1] &gt; 0 &amp;&amp; $info['mime']) {
 return true;
 }

 return false;
}

?&gt;
</code></pre>

I hope this helps someone.

blocks|key|467634|text|如果你使用的是php+5.4%2B，我已经修改了上面的内容，使之更简洁。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|467635|function+check_base64_image($data,+$valid_mime)+{
++++$img+=+imagecreatefromstring($data);

++++if+(!$img)+{
++++++++return+false;
++++}

++++$size+=+getimagesizefromstring($data);

++++if+(!$size+%7C%7C+$size[0]+==+0+%7C%7C+$size[1]+==+0+%7C%7C+!$size['mime'])+{
++++++++return+false;
++++}

++++return+true;
}|code-block|syntax|javascript|467636|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

If you're using php 5.4+, I've revised the above to be a bit more concise.

<pre><code>function check_base64_image($data, $valid_mime) {
 $img = imagecreatefromstring($data);

 if (!$img) {
 return false;
 }

 $size = getimagesizefromstring($data);

 if (!$size || $size[0] == 0 || $size[1] == 0 || !$size['mime']) {
 return false;
 }

 return true;
}
</code></pre>

blocks|key|250960|text|$str+=+'your++base64+code'+;

if+(base64_encode(base64_decode($str,+true))+===+$str+&&+imagecreatefromstring(base64_decode($str)))+{
++++echo+'Success!+The+String+entered+match+base64_decode+and+is+Image';
}|type|code-block|depth|inlineStyleRanges|entityRanges|data|syntax|javascript|250961|unstyled|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|G|8|@]|9|@]|A|$B|C]]|$1|D|3|-4|5|E|7|H|8|@]|9|@]|A|$]]]|F|$]]

<pre><code>$str = 'your base64 code' ;

if (base64_encode(base64_decode($str, true)) === $str &amp;&amp; imagecreatefromstring(base64_decode($str))) {
 echo 'Success! The String entered match base64_decode and is Image';
}
</code></pre>

blocks|key|250991|text|大家好，您可以使用getimagesize()函数验证base64编码图像代码，只需使用给定的以下代码：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|250992|<?php
$array=getimagesize("data:image/gif;+base64+,+'.base64_encode('any+file').'");
$e=explode("/",$array['mime']);
if($e[0]=="image")
{
echo+"file+is+image+file"+;
}
?>|code-block|syntax|javascript|250993|*将任何文件替换为您想要base64_encode代码的任何文件源|250994|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|L|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|M|8|@]|9|@]|A|$]]|$1|I|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|J|$]]

hello guys you can validate base64 encode image code using getimagesize() function just use the given below code:

<pre><code>&lt;?php
$array=getimagesize("data:image/gif; base64 , '.base64_encode('any file').'");
$e=explode("/",$array['mime']);
if($e[0]=="image")
{
echo "file is image file" ;
}
?&gt;
</code></pre>

*replace any file with any file source that of you want base64_encode code

blocks|key|251034|text|如果没有要安装的GD库，并且您不想安装它，这是一个快速的解决方案。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|251035|++++//Returns+a+boolean
++++public+function+validateBase64Image($data)+{
++++//Decode+Base+64+data
++++$imgData+=+base64_decode($data);

++++//Returns+a+magic+database+resource+on+success+or+FALSE+on+failure.
++++$fileInfo+=+finfo_open();
++++if(!$fileInfo)+{
++++++++return+false;
++++}

++++//Returns+a+textual+description+of+the+string+argument,+or+FALSE+if+an+error+occurred.
++++//In+the+case+of+an+image:+image/<image+extension>+e.g.+image/jpeg
++++$mimeType+=+finfo_buffer($fileInfo,+$imgData,+FILEINFO_MIME_TYPE);
++++if(!$mimeType)+{
++++++++return+false;
++++}

++++//Gets+an+array
++++$mimeArray=explode("/",$mimeType);
++++//Validate+the+file+is+an+image
++++if($mimeArray[0]=="image")+{
++++++++return+true;
++++}
++++return+false;
}|code-block|syntax|javascript|251036|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

This is a quick solution if do not have the GD library to be installed, and you do not want to install it.

<pre><code> //Returns a boolean
 public function validateBase64Image($data) {
 //Decode Base 64 data
 $imgData = base64_decode($data);

 //Returns a magic database resource on success or FALSE on failure.
 $fileInfo = finfo_open();
 if(!$fileInfo) {
 return false;
 }

 //Returns a textual description of the string argument, or FALSE if an error occurred.
 //In the case of an image: image/&lt;image extension&gt; e.g. image/jpeg
 $mimeType = finfo_buffer($fileInfo, $imgData, FILEINFO_MIME_TYPE);
 if(!$mimeType) {
 return false;
 }

 //Gets an array
 $mimeArray=explode("/",$mimeType);
 //Validate the file is an image
 if($mimeArray[0]=="image") {
 return true;
 }
 return false;
}
</code></pre>

blocks|key|467786|text|我也有同样的需求，于是我这样做了。这样就不需要通过直接读取字符串并使用getimagesizefromstring函数来保存文件。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|467787|​|467788|+public+function+validateImg($data)
++++{
++++++++try+{
++++++++++++$binary+=+base64_decode(explode(',',+$data)[1]);
++++++++++++$data+=+getimagesizefromstring($binary);
++++++++}+catch+(\Exception+$e)+{
++++++++++return+false;
++++++++}

++++++++$allowed+=+['image/jpeg',+'image/png',+'image/gif'];

++++++++if+(!$data)+{
++++++++++++return+false;
++++++++}

++++++++if+(!empty($data[0])+&&+!empty($data[0])+&&+!empty($data['mime']))+{
++++++++++++if+(in_array($data['mime'],+$allowed))+{
++++++++++++++++return+true;
++++++++++++}
++++++++}

++++++++return+false;
++++}|code-block|syntax|javascript|467789|467790|entityMap^0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|M|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|N|8|@]|9|@]|A|$G|H]]|$1|I|3|C|5|6|7|O|8|@]|9|@]|A|$]]|$1|J|3|-4|5|6|7|P|8|@]|9|@]|A|$]]]|K|$]]

I had the same need and did this. This eliminates the need to save file by reading the string directly and using the getimagesizefromstring function.
<div class="snippet" data-lang="js" data-hide="false" data-console="true" data-babel="false">
<div class="snippet-code">
<pre class="snippet-code-html lang-html prettyprint-override"><code> public function validateImg($data)
 {
 try {
 $binary = base64_decode(explode(',', $data)[1]);
 $data = getimagesizefromstring($binary);
 } catch (\Exception $e) {
 return false;
 }

 $allowed = ['image/jpeg', 'image/png', 'image/gif'];

 if (!$data) {
 return false;
 }

 if (!empty($data[0]) &amp;&amp; !empty($data[0]) &amp;&amp; !empty($data['mime'])) {
 if (in_array($data['mime'], $allowed)) {
 return true;
 }
 }

 return false;
 }</code></pre>
</div>
</div>

I'm building an application that allows the user to <code>POST</code> HTML5 canvas data that is then encoded in base64 and displayed to all users. I am considering parsing the data into an actual .png file and storing on the server, but the base64 route allows me to store the images in a database and minimize requests. The images are unique, few, and the page won't be refreshed often.

A bit of jQuery will take the canvas data, <code>data:image/png;base64,iVBORw...</code> and passes it along to a PHP script that wraps it like so: <code>&lt;img src="$data"&gt;&lt;/img&gt;</code>

However, security is cornerstone and need to validate the base64 canvas data to prevent passing malicious data in the <code>POST</code> request. My primary concern is to prevent external URLs from being injected into the <code>&lt;img&gt;</code> tag and being requested on page load.

I currently have a setup like this:

<pre><code>$data = (isset($_POST['canvas']) &amp;&amp; is_string($_POST['canvas'])) ? $_POST['canvas'] : null;
$base = str_replace('data:image/png;base64,', '', $data);
$regx = '~^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)$~'

if ((substr($data, 0, 22)) !== 'data:image/png;base64,')
{
 // Obviously fake, doesn't contain the expected first 22 characters.
 return false;
}

if ((base64_encode(base64_decode($base64, true))) !== $base64)
{
 // Decoding and re-encoding the data fails, something is wrong
 return false;
}

if ((preg_match($regx, $base64)) !== 1) 
{
 // The data doesn't match the regular expression, discard
 return false;
}

return true;
</code></pre>

I want to make sure my current setup is safe enough to prevent external URLs from being inserted into the <code>&lt;img&gt;</code> tag, and if not, what can be done to further validate the image data?

Validating base64 encoded images

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

学习中心

腾讯云实验室

直播

竞赛

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋 

腾讯云代码助手

CODING DevOps

Cloud Studio

SDK中心

API中心

命令行工具

我正在构建一个应用程序，它允许用户对HTML5画布数据进行POST，然后将这些数据编码成base64并显示给所有用户。我正在考虑将数据解析成实际的.png文件并存储在服务器上，但是base64路由允许我将图像存储在数据库中，并最大限度地减少请求。图像是独一无二的，很少，页面不会经常刷新。一小部分jQuery将获取画布数...

问验证base64编码的图像
EN

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问验证base64编码的图像EN

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问验证base64编码的图像
EN