Prevent malicious code execution through uploaded image files

laravel-at/laravel-image-sanitize

It prevents malicious code execution!

This is a small but handy package that prevents malicious code from entering your application through uploaded images and being executed. It was created after being inspired by @appelsiini's talk "How to Hack your Laravel Application".

Installation

You can install the package via composer:

composer require laravel-at/laravel-image-sanitize

Usage

Register the ImageSanitizeMiddleware in your App\Http\Kernel class:

protected $routeMiddleware = [
    // ...
    'image-sanitize' => \LaravelAt\ImageSanitize\ImageSanitizeMiddleware::class,
];

Then use it in your controller's constructor:

public function __construct()
{
    $this->middleware('image-sanitize');
}

Or use it in your routes/web.php file:

Route::post('/files', 'FileController@upload')
    ->name('file.upload')
    ->middleware(['image-sanitize']);

If you want to learn more about middleware, please check out the official Laravel documentation.
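The steps above, put together as one upload endpoint. This is an added example, not code from the package: it pairs the middleware with Laravel's own validation and storage calls. The form field name `file`, the size limit, the allowed formats and the `uploads` directory on the `local` disk are assumptions.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class FileController extends Controller
{
    public function __construct()
    {
        // Alias registered in App\Http\Kernel, as shown above.
        // Limit it to the action that actually receives files.
        $this->middleware('image-sanitize')->only('upload');
    }

    public function upload(Request $request)
    {
        // Assumed field name and limits. 'mimes' narrows the accepted
        // formats to raster images; 'max' is in kilobytes.
        $request->validate([
            'file' => ['required', 'file', 'image', 'mimes:jpeg,png,gif', 'max:2048'],
        ]);

        // store() generates a random file name and takes the extension
        // from the detected MIME type, so the client-supplied name
        // (e.g. "avatar.php") never reaches the filesystem. The 'local'
        // disk lives under storage/app, which the web server does not serve.
        $path = $request->file('file')->store('uploads', 'local');

        return response()->json(['path' => $path], 201);
    }
}
```

With the `->only('upload')` constraint in the constructor, the `->middleware(['image-sanitize'])` call on the route is redundant; use one or the other.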

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security-related issues, please email adrian@nuernberger.me instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.