定制 laravel-at/laravel-image-sanitize 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

laravel-at/laravel-image-sanitize

Composer 安装命令:

composer require laravel-at/laravel-image-sanitize

包简介

A small but handy package to prevent malicious code execution coming into your application through uploaded image files.

README 文档

README

Laravel Image Sanitize logo

It prevents malicious code execution!

Latest Version on Packagist GitHub Tests Action Status Total Downloads

This is a small but handy package to prevent malicious code execution coming into your application through uploaded images. It was created after being inspired by @appelsiini's talk on How to Hack your Laravel Application

Installation

This version requires PHP 8.3+, Laravel 12 or 13, and Intervention Image 4.

You can install the package via composer:

composer require laravel-at/laravel-image-sanitize

Usage

Apply the middleware to routes that receive image uploads:

use App\Http\Controllers\FileController;
use LaravelAt\ImageSanitize\ImageSanitizeMiddleware;

Route::post('/files', [FileController::class, 'upload'])
    ->name('file.upload')
    ->middleware(ImageSanitizeMiddleware::class);

If you prefer a middleware alias, register it in your application's bootstrap/app.php file:

use Illuminate\Foundation\Configuration\Middleware;
use LaravelAt\ImageSanitize\ImageSanitizeMiddleware;

->withMiddleware(function (Middleware $middleware): void {
    $middleware->alias([
        'image-sanitize' => ImageSanitizeMiddleware::class,
    ]);
})

Then use the alias on your upload routes:

Route::post('/files', [FileController::class, 'upload'])
    ->name('file.upload')
    ->middleware('image-sanitize');

If you want to learn more about middlewares, please check out the official Laravel documentation.

Configuration

You may publish the configuration file:

php artisan vendor:publish --tag=image-sanitize-config

The default configuration scans JPEG, PNG, GIF, BMP, and WebP uploads for suspicious byte patterns, then re-encodes matching images through Intervention Image. SVG files are not supported by default.

return [
    'allowed_mime_types' => [
        'image/jpeg',
        'image/png',
        'image/gif',
        'image/bmp',
        'image/webp',
    ],

    'patterns' => [
        '<?php',
        'phar',
    ],

    'driver' => \Intervention\Image\Drivers\Gd\Driver::class,
    'quality' => 100,
    'auto_orientation' => true,
    'decode_animation' => true,
    'strip_metadata' => true,
];

You can also use the facade directly:

if (ImageSanitize::detect($contents)) {
    $contents = (string) ImageSanitize::sanitize($contents);
}

Testing

composer test

Run the full local quality check:

composer check

Or run the individual checks:

composer format-test
composer analyse
composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email adrian@nuernberger.me instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.

统计信息

  • 总下载量: 64.86k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 260
  • 点击次数: 21
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 259
  • Watchers: 12
  • Forks: 19
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2019-08-31

承接程序开发

PHP开发

VUE

Vue开发

前端开发

小程序开发

公众号开发

系统定制

数据库设计

云部署

网站建设

安全加固