Manuel Lemos has written a very interesting post about a security problem concerning GIF files and the way PHP handles them.

The problem that was discovered is that you can insert PHP code in the middle of a GIF image. That would not be a problem if it was not for the insecure ways some developers use to serve images uploaded by their users.

Usually, uploaded files are moved to a given directory. If the site then serves the images directly from that directory and preserves the original file name, the site may be open for security exploits.
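
One way to avoid the pattern described in the quoted post, as an added example that is not code from Manuel Lemos's post: the upload is stored under a server-generated name outside the document root and streamed back with a fixed content type, so the original file name is never used. The function names and the `UPLOAD_DIR` path are assumptions made for illustration.

```php
<?php
// Added example: hardened handling of an uploaded GIF.
// Assumption: UPLOAD_DIR is a hypothetical directory outside the document
// root, so the web server never maps a URL directly onto a stored file.
const UPLOAD_DIR = '/var/www/private/uploads';

function store_uploaded_gif(array $file, string $destDir = UPLOAD_DIR): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload');
    }
    // Check the content, not the client-supplied name or MIME type.
    $info = getimagesize($file['tmp_name']);
    if ($info === false || $info[2] !== IMAGETYPE_GIF) {
        throw new RuntimeException('Not a GIF image');
    }
    // A file can be a valid GIF and still carry PHP code, so validation
    // alone is not enough: the stored name is generated here and the
    // original name ($file['name']) is never used.
    $name = bin2hex(random_bytes(16)) . '.gif';
    if (!move_uploaded_file($file['tmp_name'], $destDir . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($destDir . '/' . $name, 0640); // readable, never executable
    return $name;
}

function serve_gif(string $name, string $dir = UPLOAD_DIR): void
{
    // Accept only names generated above: 32 hex characters plus ".gif".
    // This also rules out path traversal and any other extension.
    if (!preg_match('/\A[0-9a-f]{32}\.gif\z/', $name)
        || !is_file($dir . '/' . $name)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: image/gif');
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($dir . '/' . $name));
    readfile($dir . '/' . $name); // bytes are streamed, never include()d
}
```

If uploads must stay inside the document root, the same effect requires configuring the web server so that the PHP handler is disabled for that directory.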