November 8th, 2009, 03:43 AM   #1
Registered User
 
Join Date: Aug 2005
Posts: 1,229
[Suggestion] Always reprocess originals for security reasons

I was doing a little reading and ran into a vulnerability of images through something called Gifar.
Those are images combined with Java jar files that can access your browser.
Quote:
GIFARs can be files other than combined GIF+JAR files, they could also be JPG+JAR, DOC+JAR, etc.
You can do some reading by searching Gifar on Google or checking last year's Black Hat conference:
Black Hat Sneak Preview | Zero Day | ZDNet.com
Sun has fixed this vulnerability in Java, but you don't know if your users have installed the latest Java plugin for their browser...
To be 100% sure nobody uploads a gifar to your site,

in vBGallery you have 2 possibilities:

Set "Save Original Files" to no...
(drawback: you lose the original,
and smaller files won't be resized => keeping the potential gifar danger..)

Set the "Original Image Quality" from -1 to something like 75.
The original will then be processed and GD2 or ImageMagick will create a new file without malicious code...

BUT I am not sure if in that case GIF or PNG images are really reprocessed,
as the quality option only affects JPGs. (Reprocessing is excluded in vBGallery: AND $imageinfo['numericaltype'] != 1)

So I suggest that reprocessing of GIFs is allowed and forced in the next vBGallery.

I would also suggest that a resize-original option (with max sizes) be added to the next version. (This has nothing to do with vulnerabilities.)

Luc

PS: I thought about another way, but it looks like a memory hog:
read the file into a string and search for a string like ".jar" or ".class" (it is usually at the end of the code). If yes, reprocess the image.

Last edited by Luciano; November 8th, 2009 at 03:48 AM.
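As an added example (not vBGallery's code and not Luciano's), here is the defender-side check the post is reaching for: instead of grepping the whole upload for ".jar", it walks a GIF or PNG to the format's own terminator and treats any trailing bytes, or a ZIP end-of-central-directory record anywhere in the file, as a reason to force re-encoding through GD/ImageMagick. It is written in Python rather than vBGallery's PHP, and the GIF fixtures at the bottom are constructed for the demonstration.

```python
import struct

ZIP_EOCD = b"PK\x05\x06"  # record that every ZIP (and therefore JAR) archive ends with

def _skip_subblocks(data, pos):
    while data[pos]:  # GIF payloads are length-prefixed sub-blocks ending with a 0 byte
        pos += 1 + data[pos]
    return pos + 1

def _gif_end(data):
    flags = data[10]  # logical screen descriptor flags; bit 7 = global colour table
    pos = 13 + ((3 << ((flags & 7) + 1)) if flags & 0x80 else 0)
    while data[pos] != 0x3B:  # 0x3B is the GIF trailer byte
        if data[pos] == 0x21:  # extension block: label byte, then sub-blocks
            pos = _skip_subblocks(data, pos + 2)
        elif data[pos] == 0x2C:  # image descriptor, optional local table, LZW size byte
            lflags = data[pos + 9]
            pos += 11 + ((3 << ((lflags & 7) + 1)) if lflags & 0x80 else 0)
            pos = _skip_subblocks(data, pos)
        else:
            raise ValueError("unknown GIF block")
    return pos + 1

def _png_end(data):
    pos = 8  # after the signature; each chunk is length, type, data, crc
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk")

PARSERS = {b"GIF8": ("gif", _gif_end), b"\x89PNG": ("png", _png_end)}

def inspect_image(data):
    """Return (format, byte count after the image's terminator, ZIP marker seen)."""
    fmt, parser = next(((f, p) for m, (f, p) in PARSERS.items() if data.startswith(m)), (None, None))
    try:
        trailing = None if parser is None else len(data) - parser(data)
    except (IndexError, ValueError, struct.error):
        trailing = None  # truncated or malformed: treat like an unknown format
    return fmt, trailing, ZIP_EOCD in data

def needs_reprocessing(data):
    fmt, trailing, zip_seen = inspect_image(data)
    return fmt is None or trailing != 0 or zip_seen  # anything but a clean, recognised image gets re-encoded

# Constructed fixtures: a minimal 1x1 GIF, and the same GIF with bogus archive bytes appended
CLEAN_GIF = (b"GIF89a\x01\x00\x01\x00\x00\x00\x00" + b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"  # header, screen descriptor, image descriptor
             + b"\x02\x02\x44\x01\x00\x3b")  # LZW min code size, one data sub-block, terminator, trailer
GIFAR_LIKE = CLEAN_GIF + b"constructed-archive-body" + ZIP_EOCD + b"\x00" * 18
```

Any upload for which needs_reprocessing() is true should go through GD2/ImageMagick regardless of the quality setting; the check is cheap because it stops at the terminator instead of scanning the whole file.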