PHP Detecting if source image url link leads to a "broken" image?

Question

Suppose you have a thumbnail generator script that accepts source images in the form of a URL. Is there a way to detect if the source URL is "broken" - whether nonexistent or leads to an non-image file?

---

Just brute force using getimagesize() or another PHP GD function is not a solution, since spoofed stray URL's that might not be images at all (http://example.com/malicious.exe or the same file, but renamed as http://example.com/malicious.jpg) could be input - such cases could easily be detected by PHP before having to invoke GD. I'm looking for GD pre-sanitizing before having GD try its battalion at parsing the file.

---

as a first step, the following regular expression checks if the URL is an image extension: preg_match('@(https?://([-\w\.]+)+(:\d+)?(/([\w/_\.]*(\?\S+)?)?)?)([^\s]+(\.(?i)(jpg|png|gif|bmp))$)@', $txt,$url);

Answer 1

use file_exists function in php, you can check urls with it.

See documentation below, shows how to check img... exactly what you need

FILE EXISTS - http://www.php.net/manual/en/function.file-exists.php#93572

URL EXISTS - http://www.php.net/manual/en/function.file-exists.php#85246

---

Here is alternative code for checking the url. If you will test in browser replace \n with <br/>

<?php

$urls = array('http://www.google.com/images/logos/ps_logo2.png', 'http://www.google.com/images/logos/ps_logo2_not_exists.png');

foreach($urls as $url){
   echo "$url - ";
   echo url_exists($url) ? "Exists" : 'Not Exists';
   echo "\n\n";
}


function url_exists($url) {
    $hdrs = @get_headers($url);

    echo @$hdrs[1]."\n";

    return is_array($hdrs) ? preg_match('/^HTTP\\/\\d+\\.\\d+\\s+2\\d\\d\\s+.*$/',$hdrs[0]) : false;
}
?>

Output is as follows

http://www.google.com/images/logos/ps_logo2.png - Content-Type: image/png
Exists

http://www.google.com/images/logos/ps_logo2_not_exists.png - Content-Type: text/html; charset=UTF-8
Not Exists

Answer 2

You could check the HTTP status code (it should be 200) and the Content-type header (image/png etc.) of the HTTP response before you put the actual image through the generator.

If these two preconditions are ok, after retrieving the image you can call getimagesize() on it and see if it breaks, what MIME type it returns etc.

Answer 3

try for local files

<?php 
if(file_exits($filename))
{
//do what you want
}
else
{
//give error that file does not exists
}
?>

for external domains

$headers = @get_headers($url);
if (preg_match("|200|", $headers[0])) {
// file exists
} else {
// file doesn't exist
}

Also you can use curl request for the same.

Answer 4

did you try file_get_contents() method?

http://php.net/manual/en/function.file-get-contents.php

Answer 5

The only really reliable way is to request the image using file_get_contents(), and finding out its image type using getimagesize().

Only if getimagesize() returns a valid file type, can you rely that it is in fact a valid image.

This is quite resource heavy, though.

You could consider not doing any server-side checks at all, and adding an onerror JavaScript event to the finished image resource:

<img src="..." onerror="this.style.display = 'none'">