且构网

100% safe photo upload script

Updated: 2023-12-05 19:56:22

It's really rather simple. Run all uploaded images through an image filter that is known to be safe. If it kicks back with a "Not an image error", you have shenanigans. (A simple example would be an identity transform, or a JPEG quality normalization technique.) An important point, tho', is to actually use the output from the filter, not the original file.
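The identity transform described above, as an added example that is not part of the original answer: a standard-library stand-in for the "known safe" filter, limited to 8-bit non-interlaced, non-palette PNG (a deployment would normally use a maintained image library in this role). The names `sanitize_png`, `NotAnImage`, `MAX_PIXELS` and the sample bytes are assumptions made for illustration; the function decodes the upload, rejects anything that does not decode, and returns freshly encoded bytes so that only the filter's output is ever stored.

```python
import struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CHANNELS = {0: 1, 2: 3, 4: 2, 6: 4}  # colour type -> samples per pixel (no palette images)
MAX_PIXELS = 25_000_000  # assumed cap against decompression bombs

class NotAnImage(ValueError):
    """The upload did not decode as the image it claims to be."""

def chunk(ctype, body):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def read_chunks(data):
    if not data.startswith(PNG_SIG):
        raise NotAnImage("bad signature")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        (length,) = struct.unpack_from(">I", data, pos)
        ctype, body = data[pos + 4:pos + 8], data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(crc) != 4 or struct.unpack(">I", crc)[0] != zlib.crc32(ctype + body):
            raise NotAnImage("truncated or corrupt chunk")
        yield ctype, body
        if ctype == b"IEND":
            return  # bytes after IEND are never read
        pos += 12 + length
    raise NotAnImage("missing IEND")

def sanitize_png(data):
    """Decode the upload and return a freshly encoded PNG, never the original bytes."""
    chunks = list(read_chunks(data))
    if chunks[0][0] != b"IHDR" or len(chunks[0][1]) != 13:
        raise NotAnImage("missing IHDR")
    w, h, depth, colour, comp, filt, lace = struct.unpack(">IIBBBBB", chunks[0][1])
    if colour not in CHANNELS or depth != 8 or comp or filt or lace or not 0 < w * h <= MAX_PIXELS:
        raise NotAnImage("invalid or unsupported header")
    stride = 1 + w * CHANNELS[colour]  # filter-type byte + one 8-bit scanline
    inflater = zlib.decompressobj()
    try:  # the output limit stops a small file inflating past its declared size
        raw = inflater.decompress(b"".join(b for t, b in chunks if t == b"IDAT"), h * stride + 1)
    except zlib.error as exc:
        raise NotAnImage("bad pixel stream") from exc
    if len(raw) != h * stride or not inflater.eof or any(raw[i] > 4 for i in range(0, len(raw), stride)):
        raise NotAnImage("pixel data does not match header")
    return PNG_SIG + chunk(b"IHDR", chunks[0][1]) + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")

# Constructed sample: valid 2x2 RGB PNG plus a text chunk and bytes appended after IEND.
ROWS = b"\x00" + b"\xff\x00\x00" * 2 + b"\x00" + b"\x00\x00\xff" * 2
SAMPLE = (PNG_SIG + chunk(b"IHDR", struct.pack(">IIBBBBB", 2, 2, 8, 2, 0, 0, 0)) + chunk(b"tEXt", b"Comment\x00EXTRA-DATA")
          + chunk(b"IDAT", zlib.compress(ROWS)) + chunk(b"IEND", b"") + b"EXTRA-DATA after the image")
```

Store the return value of `sanitize_png(SAMPLE)`, not `SAMPLE`: the text chunk and the appended bytes exist only in the original, and ancillary chunks are dropped along with them.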