
laravel-at/laravel-image-sanitize
=================================

A small but handy package to prevent malicious code execution through uploaded image files.

Version v5.0.0, MIT license, PHP ^8.3.

[Source](https://github.com/laravel-at/laravel-image-sanitize) | [Packagist](https://packagist.org/packages/laravel-at/laravel-image-sanitize)

[![Laravel Image Sanitize logo](https://raw.githubusercontent.com/laravel-at/laravel-image-sanitize/master/art/logo.png)](https://raw.githubusercontent.com/laravel-at/laravel-image-sanitize/master/art/logo.png)

It prevents malicious code execution!
=====================================


This is a small but handy package that prevents malicious code from being executed in your application through uploaded images. It was inspired by [@appelsiini](https://github.com/appelsiini)'s [talk on How to Hack your Laravel Application](https://speakerdeck.com/anamus/how-your-laravel-application-can-get-hacked-f7acca32-3721-4c06-9a2e-5965cd9a4a29).

Installation
------------


This version requires PHP 8.3+, Laravel 12 or 13, and Intervention Image 4.

You can install the package via composer:

```
composer require laravel-at/laravel-image-sanitize
```

Usage
-----


Apply the middleware to routes that receive image uploads:

```
use App\Http\Controllers\FileController;
use LaravelAt\ImageSanitize\ImageSanitizeMiddleware;

Route::post('/files', [FileController::class, 'upload'])
    ->name('file.upload')
    ->middleware(ImageSanitizeMiddleware::class);
```

If you prefer a middleware alias, register it in your application's `bootstrap/app.php` file:

```
use Illuminate\Foundation\Configuration\Middleware;
use LaravelAt\ImageSanitize\ImageSanitizeMiddleware;

->withMiddleware(function (Middleware $middleware): void {
    $middleware->alias([
        'image-sanitize' => ImageSanitizeMiddleware::class,
    ]);
})
```

Then use the alias on your upload routes:

```
Route::post('/files', [FileController::class, 'upload'])
    ->name('file.upload')
    ->middleware('image-sanitize');
```

If you want to learn more about middleware, please check out the [official Laravel documentation](https://laravel.com/docs/13.x/middleware).

Configuration
-------------


You may publish the configuration file:

```
php artisan vendor:publish --tag=image-sanitize-config
```

The default configuration scans JPEG, PNG, GIF, BMP, and WebP uploads for suspicious byte patterns, then re-encodes matching images through Intervention Image. SVG files are not supported by default.
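The scan-then-re-encode idea described above, as an added example that is not the package's own code: it uses PHP's GD extension directly instead of Intervention Image, and the pattern list and function names are assumptions chosen for illustration, not the package's defaults.

```php
<?php
// Added example (not package code). Requires ext-gd.
// Assumed patterns for illustration only; the package ships its own list.
const SUSPICIOUS_PATTERNS = ['<?php', '<?=', '<script'];

/** Return the patterns found anywhere in the raw upload bytes (case-insensitive). */
function findSuspiciousPatterns(string $bytes): array
{
    return array_values(array_filter(
        SUSPICIOUS_PATTERNS,
        fn (string $pattern): bool => stripos($bytes, $pattern) !== false
    ));
}

/** Decode to pixels and encode a fresh PNG, so only pixel data is carried over. */
function reencodeAsPng(string $bytes): string
{
    $image = @imagecreatefromstring($bytes);
    if ($image === false) {
        // Not decodable as an image at all: reject instead of storing it.
        throw new RuntimeException('Upload is not a decodable image.');
    }
    ob_start();
    imagepng($image);
    return (string) ob_get_clean();
}

// Constructed sample: a valid 8x8 PNG with an inert marker appended after the image data.
$canvas = imagecreatetruecolor(8, 8);
ob_start();
imagepng($canvas);
$upload = ob_get_clean() . '<?php /* constructed marker */ ?>';

// Scan first; re-encode only when a pattern matches, as the paragraph above describes.
$hits  = findSuspiciousPatterns($upload);
$clean = $hits === [] ? $upload : reencodeAsPng($upload);

printf("patterns before: %s\n", implode(', ', $hits) ?: 'none');
printf("patterns after:  %s\n", implode(', ', findSuspiciousPatterns($clean)) ?: 'none');
printf("still decodes:   %s\n", @imagecreatefromstring($clean) !== false ? 'yes' : 'no');
```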

```
return [
    'allowed_mime_types' => [
        'image/jpeg',
        'image/png',
        'image/gif',
        'image/bmp',
        'image/webp',
    ],

    'patterns' => [
        '
