Description
Prevent malicious code execution through uploaded image files.
This is a small but handy package to prevent malicious code execution coming into your application through uploaded images. It was created after being inspired by @appelsiini's talk on How to Hack your Laravel Application
Installation
This version requires PHP 8.3+, Laravel 12 or 13, and Intervention Image 4.
You can install the package via composer:
composer require laravel-at/laravel-image-sanitize
Usage
Apply the middleware to routes that receive image uploads:
use App\Http\Controllers\FileController;use LaravelAt\ImageSanitize\ImageSanitizeMiddleware; Route::post('/files', [FileController::class, 'upload']) ->name('file.upload') ->middleware(ImageSanitizeMiddleware::class);
If you prefer a middleware alias, register it in your application's bootstrap/app.php file:
use Illuminate\Foundation\Configuration\Middleware;use LaravelAt\ImageSanitize\ImageSanitizeMiddleware; ->withMiddleware(function (Middleware $middleware): void { $middleware->alias([ 'image-sanitize' => ImageSanitizeMiddleware::class, ]);})
Then use the alias on your upload routes:
Route::post('/files', [FileController::class, 'upload']) ->name('file.upload') ->middleware('image-sanitize');
Recent Courses on Laravel Daily
Laravel 13 Starter Kit Teams and Customizations
10 lessons
33 min
Roles and Permissions in Laravel 13
14 lessons
57 min
Queues in Laravel 13
18 lessons
1 h 12 min read