Skip to content

Instantly share code, notes, and snippets.

@carloscarucce
Forked from nicoptere/imageProxy.php
Last active March 10, 2024 09:55
Show Gist options
  • Save carloscarucce/89329fa61997b3775487b0c155cda41f to your computer and use it in GitHub Desktop.
Save carloscarucce/89329fa61997b3775487b0c155cda41f to your computer and use it in GitHub Desktop.
basic PHP image proxy (that works ... )
<?php
$url = isset($_GET['url']) ? $_GET['url'] : null;
if (!$url) {
die('Please, inform URL');
}
$imgInfo = getimagesize( $url );
if ($imgInfo === false) {
die('Could not retrieve information');
}
if (stripos($imgInfo['mime'], 'image/') === false) {
die('Invalid image file');
}
header("Content-type: ".$imgInfo['mime']);
readfile( $url );
@Looper1984
Copy link

Line 11 may return some warnings in current PHP versions:
PHP Warning: Trying to access array offset on value of type bool in imageProxy.php on line 11
PHP Deprecated: stripos(): Passing null to parameter #1 ($haystack) of type string is deprecated in imageProxy.php on line 11

@carloscarucce
Copy link
Author

@Looper1984 wrong/unreadable url may cause it. You could fix by checking getimagesize as bellow:

if ($imgInfo === false) {
    die('Could not retrieve information');
}

@Looper1984
Copy link

@carloscarucce that fixed it, thank you :)

I may still get a warning when getimagesize fails, though, because the error handling comes after it. But of course all is taken care of, so I simply suppress the warning like this:
$imgInfo = @getimagesize( $url );

@carloscarucce
Copy link
Author

carloscarucce commented Jan 15, 2024

@Looper1984 glad it helped. I would not leave error messages in a production environment, through.

You can hide it by changing a directive in your php.ini: display_errors = off. Or programmatically with ini_set("display_errors", 0);

References:
Article: https://www.a2hosting.com/kb/developer-corner/php/using-php.ini-directives/php-error-messages/
S.O. Thread: https://stackoverflow.com/a/332206/3435728 (accepted answer teaches on how to enable logging too)

@Looper1984
Copy link

@carloscarucce right, that's much safer and exactly what I'm doing. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment