It is possible for a file to contain a valid image AND contain PHP code. The image content prior to the <?php tag is simply content that PHP would output, then the PHP code would be parsed and executed. There are some conditions that must be true for this exploit to be possible, such as allowing an upload file name to be completely specified from the upload form, so that such an image/PHP code file could be placed on the server with a file name that could be browsed to and be parsed as PHP code.
The various image functions (getimagesize and imagecreatefromjpeg...) will find and happily return the image portion of such an image/PHP code file.
Since an image would not normally contain data that looks like PHP code, this type of exploit could be discovered by scanning the file for PHP-only keywords that would be used by malicious code, such as <? exec shell echo print print_r...
If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.
Wow, thanks guys, I've learned a bit in the past few minutes.
I still have one question: now that I know that the image can be more than just binary or hex, how exactly do I extract the file into a readable format?
Or am I just asking a pointless question on this one?
Thus I would only have to use something like this:
if ($_FILES['imagefile']['name'] == '<?php' || $_FILES['imagefile']['name'] == '<?') {
    // Either parse with imagecreatefromjpeg or throw out and ask for another file.
}
I need to find a book about all this stuff. God, that's gonna be one big book!
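An added example, not code from either poster, of the check discussed in this thread: it scans the uploaded bytes rather than the file name, re-encodes the image with GD so only pixel data is kept, and picks the stored file name on the server. The function names and the constructed sample are assumptions, and the GD extension must be enabled.

```php
<?php
// Scan file CONTENT for the PHP open tag. The bare short tag '<?' is left out:
// those two bytes turn up by chance in compressed image data, so matching on
// them would reject ordinary photos.
function findPhpMarker(string $bytes): ?string
{
    foreach (['<?php', '<?='] as $marker) {
        if (stripos($bytes, $marker) !== false) {
            return $marker;
        }
    }
    return null;
}

// Returns PNG bytes rebuilt from the decoded pixels, or null if the upload is
// rejected. Re-encoding drops anything appended after the image data.
function sanitizeImage(string $bytes): ?string
{
    if (findPhpMarker($bytes) !== null) {
        return null;                       // ask the user for another file
    }
    $img = @imagecreatefromstring($bytes); // false when GD cannot decode it
    if ($img === false) {
        return null;
    }
    ob_start();
    imagepng($img);
    return ob_get_clean();
}

// The stored name never comes from the upload form, and the extension is one
// the web server does not hand to the PHP interpreter.
function storageName(): string
{
    return bin2hex(random_bytes(16)) . '.png';
}

// Constructed sample: a 2x2 PNG built in memory, plus a copy with a harmless
// comment-only PHP tag appended to stand in for the file described above.
$canvas = imagecreatetruecolor(2, 2);
ob_start();
imagepng($canvas);
$cleanPng = ob_get_clean();
$tainted = $cleanPng . '<?php /* constructed marker, no payload */ ?>';

var_dump(getimagesizefromstring($tainted) !== false); // header check alone
var_dump(findPhpMarker($tainted));
var_dump(sanitizeImage($tainted));
var_dump(sanitizeImage($cleanPng) !== null);
echo storageName(), PHP_EOL;
```

In an upload handler the bytes would come from file_get_contents($_FILES['imagefile']['tmp_name']), and the result of sanitizeImage() would be written under storageName() in a directory where script execution is disabled.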