Laravel image upload

I'm new to the filesystem from Laravel, but I need an upload script that allows users to upload images to my server. However, i'm concerned about securety, so I thought why not ask for advice, because there aren't much reverences about that big topic of securety.

Basicly, this is how I check the user upload and how I upload the file:

My request Class:

 return [
 'profile_picture' => 'image',
 ];

My check if the image is actually an image and not some bad maleware:

function checkIfImageIsAllowed($file) {
$allowedMimes = [
 'image/jpeg',
 'image/jpg',
 'image/png'
];
$allowedExtensions = [
 'jpg',
 'JPG',
 'jpeg',
 'png'
];
$allowedMaxSize = 2000000;
if(!in_array($file->getClientOriginalExtension(), $allowedExtensions) || !in_array($file->getMimeType(), $allowedMimes) || $file->getSize() > $allowedMaxSize) {
 return false;
}
return true;
}

And than I upload the file:

$path = $request->file('profile_picture')->store('UserUpload/Images');

This is how I display the Image:

 $images = \App\Image::where('uuid', $uuid)->firstOrFail();
 $path = $images->path;
 $image = Storage::get($path);
 $response = Response::make($image, 200);
 $response->header("Content-Type", $images->memeType);
 return $response;

What are your thoughts about this? Do you think this is secure enough? Or do you have some improvement for this?

• \$\begingroup\$ image/jpg mime type doesn't exist. Both extensions use image/jpeg. Also you should have lower cases only in extensions array and check it with !in_array(strtolower($file->getMimeType()), $allowedMimes). \$\endgroup\$

  Tpojka

  – Tpojka

  2018年10月14日 10:38:51 +00:00

  Commented Oct 14, 2018 at 10:38

1 Answer 1

Start asking to get answers

Find the answer to your question by asking.

Explore related questions

See similar questions with these tags.