Protection against embedded PHP image
I've read several months ago somewhere a security issue behind images whereas a programmer can conceal a PHP program as an image.
For instance, someone tried to use http://www.example.com/php_image.jpg as a remote avatar. Embedded in the php_image.jpg is a PHP code which tries to conceal itself as an image.
Is there a way to protect my site against this?
What about uploads? How can I protect my site against volatile files?
i think its only possible if you link to an offsite avatar.
answer - dont do it..its a security risk, get the lazy ****s to upload their own avatar.
Did anyone else click that link?
Anyways, yes, it is a security risk. Try to avoid it.