httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From zcat <>
Subject Re: [users@httpd] watermarking images on the fly
Date Sun, 03 Apr 2005 02:55:22 GMT

>Gah. Don't use `date` and `basename`; use PHP functions (basename() and
>date(), for instance); that's what they're there for. The method you're
>using results in *three* fork/exec's, which will kill performance (or at
>least injure it).

  header("Content-type: image/jpg");
  $ip = $_SERVER['REMOTE_ADDR'];
  $date = date("G:i:s d-m-Y");
  $img = basename($_SERVER['REQUEST_URI']);
  passthru("echo \"downloaded from by $ip at 
$date\" | steghide embed -e none -p \"\" -cf $img -q -sf - ")

And to recover the watermark;

$ steghide extract -sf zcat.jpg -p '' -xf -
downloaded from by at 14:36:21 

I know I'm still passing unfiltered bits of REQUEST_URI to passthru(), 
I'll clean that up next - hopefully before the server gets 0wned. In the 
meantime I'll watch very closely for requests like 
"/images/;nc%20-p%2031337%20-c%20bash;.jpg" in my logs :)

On June 1, 2001, Steve Ballmer, CEO of Microsoft, told the Chicago Sun-Times: "Linux is cancer."
Unsurprisingly that's incorrect; LINUX was released on August 25th 1991 and is therefore a

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message