puma shoes
|puma speed cat|puma future cat
puma shoes
|Men's Puma - SF Drift Cat|Puma - SF Drift Cat
puma shoes
|Men's Puma Baylee Future Cat II|Puma Baylee Future Cat II
puma shoes
|Men's Puma Doshu Combat Shoes|Puma Doshu Combat Shoes
puma shoes
|Men's Puma Fluxion II|Puma Fluxion II
puma shoes
|Men's Puma Future Cat GT Ferrari|Puma Future Cat GT Ferrari
puma shoes
|Men's Puma Future Cat Lo Engine|Puma Future Cat Lo Engine
puma shoes
|Men's Puma Future Cat Low|Puma Future Cat Low
puma shoes
|Men's Puma Lazy Insect|Puma Lazy Insect
puma shoes
|Men's Puma SF Trionfo Low|Puma SF Trionfo Low
puma shoes
|Men's Puma Speed Cat|Puma Speed Cat
puma shoes
|Men's Puma Speed Cat Big|Puma Speed Cat Big
puma shoes
|Men's Puma Trionfo Lo L II
|Puma Trionfo Lo L II
puma shoes
|Men's Puma Trionfo Low BAYLEE|Puma Trionfo Low BAYLEE
puma shoes
|Men's Speed Cat Big|Speed Cat Big
puma shoes
|Puma Ducati Testastretta|Puma Ducati
puma shoes
|Puma Kimi Raikkonen shoes white/Jade|Puma Kimi Raikkonen shoes
puma shoes
|puma speed cat|puma future cat
puma shoes
|Women's Puma Basket Brights|Puma Basket Brights
puma shoes
|Women's Puma Baylee Future Cat|Puma Baylee Future Cat
puma shoes
|Women's Puma Drift Cat|Puma Drift Cat
puma shoes
|Women's Puma Engine Cat Low|Puma Engine Cat Low
puma shoes
|Women's PUMA Espera Patent FS|PUMA Espera Patent FS
puma shoes
|Women's Puma Ferro Tessuto Shoes|Puma Ferro Tessuto Shoes
puma shoes
|Women's Puma Future Cat Lo White/Red|Puma Future Cat Lo
puma shoes
|Women's Puma Future Cat Low|Puma Future Cat Low
puma shoes
|Women's Puma Repli Cat|Puma Repli Cat
puma shoes
|Women's Puma SF Drift Cat|Puma SF Drift Cat
puma shoes
|Women's Puma Speed Cat Big|Puma Speed Cat Big
puma shoes
|Women's Puma Speed Cat Suede|Puma Speed Cat Suede
--------------------------------------------------------------------------------------------------------------------------------
UGG Bailey Button
| Ugg Bailey Button in Golden
| UGG Bailey Button Boots Black
| UGG Bailey Button Boots Chestnut
| UGG Bailey Button Boots Chocolate
| Ugg Bailey Button Yellow
UGG Classic Argyle Knit
| UGG Classic Argyle Knit black

| UGG Classic Argyle Knit Charcoal
| UGG Classic Argyle Knit Cream
| UGG Classic Argyle Knit Fig
| UGG Classic Argyle Knit Stout
UGG Classic Cardy
| Purple Ugg Boots classic Cardy
| Rose Ugg Boots Classic Cardy
| Ugg Boots Classic Cardy Black
| Ugg Boots Classic Cardy Blue
| Ugg Boots Classic Cardy Gray
| Ugg Boots Classic Cardy White
UGG Classic Crochet
| Chocolate UGG Boots Classic Crochet
| Oatmeal UGG Boots Classic Crochet
UGG Classic Flower
| UGG Classic Tall Tomantic Flower Boots 5802
| UGG Classic Tall Tomantic Flower Boots 5803
UGG Classic Leopard
| UGG Classic Tall Boots 5684 Leopard
UGG Classic Mini
| Chestnut Ugg Boots Classic Mini
| Sand Ugg Boots Classic Mini
UGG Classic Paisley
| UGG Classic Short Paisley 5831 Boot
| UGG Classic Short Paisley Boot
UGG Classic Short
| Ugg Boots Classic Short Chestnut
| Ugg Boots Classic Short Chocolate
UGG Classic Tall
| Chestnut Ugg Boots Classic Tall
| Classic Tall Ugg Boots Chocolate
| Ugg Stripes Classic Tall Boots Black
| Ugg Boots Classic Tall Chocolate
| Ugg Boots Classic Tall Mettlic Gold
| Ugg Boots Classic Tall Mettlic Pewter
UGG Elsey wedge
| UGG Elsey wedge boots In Black
| UGG Elsey Wedge Boots In Chestnut
| UGG Elsey Wedge Boots In Espresso
UGG Infant's Erin Baby
| UGG Infant's Erin Baby Boots in Chestnut
| UGG Infant's Erin Baby Boots in sand
UGG Langley
| UGG Women's Langley Boots Black
UGG Lo Pro Button Black
| UGG Lo Pro Button Black Denim Boots
| UGG Lo Pro Button Blue Denim Boots
| UGG Lo Pro Button Cream Denim Boots
UGG Locarno
| UGG Women's Locarno Boots
UGG Mayfaire
| UGG Mayfaire boots black
| UGG Mayfaire boots Chestnut
| UGG Mayfaire boots chocolate
| UGG Mayfaire boots Sand
UGG Nightfall
| Ugg Boots Nightfall Black
| Ugg Boots Nightfall Chestnut
| Ugg Boots Nightfall Chocolate
| Ugg Boots Nightfall Sand
UGG Rainer Eskimo
| UGG-Rainer-Eskimo-Boots-In-Black
| UGG-Rainer-Eskimo-Boots-In-Cream
UGG Sundance II
| Ugg Boots Sundance II Black
| Ugg Boots Sundance II Chestnut
| Ugg Boots Sundance II Chocolate Brown
| Ugg Boots Sundance II Sand
UGG Ultimate Bind
| Ultimate Bind Ugg Women's Black Boot
| Ultimate Bind Ugg Women's Chestnut Boot
| Ultimate Bind Ugg Women's Chocolate Boot
| Ultimate Bind Ugg Women's Sand Boot
UGG Ultra Short
| UGG Boots Ultra Short Chocolate
| UGG Boots Ultra Short Sand
| UGG Ultra Short - Black
UGG Ultra Tall
| Ugg Boots Ultra Tall Chestnut
| Ugg Boots Ultra Tall Sand
| Ultra Tall Ugg Boots Black
| Ultra Tall Ugg Boots Chocolate
UGG Suede
| Ugg Suede Boots In Black
| Ugg Suede Boots In Chestnut
| Ugg Suede Boots In Sand
UGG Upside
| UGG upside Boots in black
| UGG upside Boots in chestnut
| UGG upside Boots in mocha
UGG Roxy
| Ugg Roxy Boots in black
| Ugg Roxy Boots in Chestnut
| Ugg Roxy Boots in Chocolate
| Ugg Roxy Boots in Sand
UGG seline
| UGG seline Boots in black
| UGG seline Boots in chestnut
| UGG Women's Corinth Boots in Cocoa
UGG Corinth
| UGG Women's Corinth Boots in Cocoa
UGG Liberty
| UGG Womens Liberty boots in black 5509
| UGG Womens Liberty boots in Cigar 5509
UGG Highkoo
| UGG Highkoo Boots amber brown 5765
| UGG Highkoo Boots amber espresso 5765
| UGG Highkoo Boots in grey 5765
| UGG Highkoo Boots in black 5765
UGG Knightsbridge
| UGG Knightsbridge Boots in black 5119
| UGG Knightsbridge Boots In Chestnut 5119
| UGG Knightsbridge Boots in grey 5119
| UGG Knightsbridge Boots in Sand 5119
| UGG Knightsbridge in Chocolate 5119
UGG Bomber Jacket
| Ugg Classic Tall Bomber Jacket Boots In Chestnut
| Ugg Classic Tall Bomber Jacket Boots In Chocolate
| Ugg Classic Tall Bomber Jacket Boots In Pink
Ugg News

I see it stripped my example out of the sentence. In the last sentence of the second paragraph of my last comment:

"Because it was specially crafted it will be a few literal characters (strange symbols and stuff that makes up the header) then somewhere in there it will see ."

Should be:
"Because it was specially crafted it will be a few literal characters (strange symbols and stuff that makes up the header) then somewhere in there it will see php tags since it interprets it as text instead of binary data."

* The mispelled phrase "dyanamic GIF creation" should be "handling of GIF uploads and displaying GIF images"
* The phrase "readfile to grab" should be "readfile or echo statement to output".
* The word "echo" should be "include or require statement".

----
It's not dynamic image "creation" that's the problem. If the image is created server side, its almost certainly safe. The problem is when users upload an image, PHP sites tend to do a few things to avoid security exploits.

Sometimes they use imagecreate to check that it is a valid GIF. This checks the first few binary bits of the file to make sure that it starts with a GIF header. The big deal is that with specially crafted code you can put the correct header bits in the beginning of the file and then include a PHP script that looks like binary image data. So if the server serves the page as an image it will really be a normal (if weird looking) image. But if the server looks at it as a script it will interpret the binary data as text instead. Because it was speccially crafted it will be a few literal characters (strange symbols and stuff that makes up the header) then somewhere in there it will see .

This is the big deal, it both a valid image AND a php script depending on how it gets parsed by the server.

So many people just check that it is a valid image then upload it. This would be okay as long as they make sure the image has a GIF extension. But if it manages to sneak in with a .php extension anyone can go directly to the folder where the image is stored to execute it as PHP even though the file is a valid GIF file.

However, many setups don't worry about the extension because they use a script like gallery.php?image=malicious_image.php to output the image if you do this, first make sure that no one can go directly to the folder. Use .htaccess to deny access as mentioned in the PHPclasses article.

But there is also a less common exploit. If you use a script like gallery.php make sure that it outputs the binary data instead of parsing the image as php script. The "include" and "require" commands with execute it as script.

But readfile or fread used with echo is perfectly safe. In fact the PHPclasses site most likly uses a straight echo. Since fread used with echo can start outputing data before reading in the whole file, echo is probably the best way to do this.