
Looking for a good image validation library

Started by Robert., August 14, 2017, 08:49:12 AM

Robert.

One of my projects requires an image upload system, which is not an issue, but in order to make sure it's secure and to avoid reinventing the wheel, I'm looking for a library that handles the image validation part. Basically all it'd need to do is make sure the image is actually an image (the cake may have been a lie, but a user-uploaded image shouldn't be). Since the project is primarily written in PHP, it'd be fantastic if the library were as well, and if the package could be installed using Composer, that would be even more fantastic.

Any suggestions would be most welcome.

Thanks!
- Kryzen

Arantor

What threat do you consider that you're trying to protect against? That it is literally just a valid image? (In which case, use something like the fileinfo extension to get its data)

If you have any real doubt about the validity of the image, load it with GD and resave it.

Robert.

Thanks for the quick reply! Yes, correct, although I'm especially concerned about XSS injection through images. The risk of that happening may or may not be minimal, but if it's an actual threat (several websites mentioned something about it only affecting old browsers, while other sites mentioned it is still possible), I'd like to deal with it before it has any chance of causing serious problems. Both of your suggestions sound great, though. I'll probably go with the second. I'll let you know how it goes.

Thanks again for your help. :)

Arantor

If you ensure it is a valid picture, and ensure it is served with the correct headers (because, ideally, you're serving it from outside the core filesystem, so you're serving it through PHP), you have done everything you can do from a general standpoint.

If you're protecting against a mostly-theoretical attack such as the one you described, open the file with GD, resave it with GD to strip everything and force re-encode it.
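The following is an added example, not code posted by Arantor or Robert. and not part of SMF; it puts the two suggestions from this thread into one script: check the content type with the fileinfo extension, decode and re-save the file with GD so that anything that is not pixel data is dropped, and serve the stored file through PHP with explicit headers. It assumes PHP 8 with the GD and fileinfo extensions enabled; the `uploads` directory, the `image` form field and the function names are hypothetical.

```php
<?php
// Added example (not from the thread): validate an upload with fileinfo, then
// re-encode it with GD so bytes that are not image data (e.g. HTML or script
// appended to or embedded in the file) do not survive. Assumes PHP 8 + GD + fileinfo.
declare(strict_types=1);

const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Return the detected MIME type if the file's content is an allowed image,
// or null otherwise. The client-supplied filename and type are never consulted.
function detectImageType(string $path): ?string
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($path);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        return null;
    }
    // getimagesize() parses the image header independently; both must agree.
    $info = @getimagesize($path);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }
    return $mime;
}

// Decode with GD and write a fresh file under a server-chosen name.
// GD keeps only pixels, so comments, EXIF and trailing garbage are discarded.
// Returns the stored path or null if the file was rejected. (GIF animation is lost.)
function reencodeImage(string $src, string $destDir): ?string
{
    $mime = detectImageType($src);
    if ($mime === null) {
        return null;
    }
    // Refuse decompression bombs before allocating the pixel buffer.
    [$w, $h] = getimagesize($src);
    if ($w * $h > 25_000_000) {
        return null;
    }
    $img = match ($mime) {
        'image/jpeg' => @imagecreatefromjpeg($src),
        'image/png'  => @imagecreatefrompng($src),
        'image/gif'  => @imagecreatefromgif($src),
    };
    if ($img === false) {
        return null;
    }
    // Hypothetical naming scheme: random name + extension derived from detected type.
    $dest = $destDir . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if ($mime === 'image/png') {
        imagealphablending($img, false);
        imagesavealpha($img, true);   // keep PNG transparency through the round trip
    }
    $ok = match ($mime) {
        'image/jpeg' => imagejpeg($img, $dest, 90),
        'image/png'  => imagepng($img, $dest),
        'image/gif'  => imagegif($img, $dest),
    };
    imagedestroy($img);
    return $ok ? $dest : null;
}

// Serve a stored image through PHP (storage lives outside the web root) with
// headers that stop the browser from sniffing or executing it as anything else.
function serveImage(string $path): void
{
    $mime = detectImageType($path);
    if ($mime === null) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . $mime);
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: inline; filename="image.' . ALLOWED_TYPES[$mime] . '"');
    header("Content-Security-Policy: default-src 'none'; sandbox");
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}

// Usage from an upload handler; the 'image' field and uploads directory are hypothetical.
if (isset($_FILES['image']) && is_uploaded_file($_FILES['image']['tmp_name'])) {
    $stored = reencodeImage($_FILES['image']['tmp_name'], __DIR__ . '/../uploads');
    echo $stored === null ? 'Rejected: not a valid image' : 'Stored as ' . basename($stored);
}
```

Two checks (fileinfo and getimagesize) are used deliberately: a file that fools one magic-byte detector but not the other is rejected, and the pixel-count limit runs before GD allocates memory so a small file declaring huge dimensions cannot exhaust the server. The headers on the serving side are what make the re-encode worthwhile; without a correct Content-Type and nosniff, the browser is still free to guess.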
