Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Not a member yet? Click here to register.
Forgot Password?

pictures rejected because of possible "evil payload"

Asked Modified Viewed 1,731 times
I
iceman50
I
  • Member, joined since
  • Contributed 69 posts on the community forums.
  • Started 24 threads in the forums
  • Started this discussions
asked
Member

I just got 2 pictures rejected that I tried to upload to my site.
Both pictures are portraits, and a part of a larger set.
Where can I manage the settings to avoid this in the future?
0 replies

4 posts

F
Falk
F
Falk 148
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct

(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
  • Super Admin, joined since
  • Contributed 6,201 posts on the community forums.
  • Started 639 threads in the forums
  • Answered 12 questions
answered
Super Admin

There are no setting to toggle this. Images that are uploaded need to be unprocessed by 3d party programs that may add a header tags in the image code. There are many topics about this thru out our forums here.
0 replies
I
iceman50
I
  • Member, joined since
  • Contributed 69 posts on the community forums.
  • Started 24 threads in the forums
  • Started this discussions
answered
Member

It is standard .jpg pictures converted from raw in Adobe Lightroom.
This is the first time I experience this in PHP Fusion, and I start to consider if PHP Fusion is the right CMS for me.
I have used PHPFusion since version 6 and love the concept.
0 replies
C
Chan
C
Chan 0
Lead Developer of PHP-Fusion
  • Super Admin, joined since
  • Contributed 3,842 posts on the community forums.
  • Started 232 threads in the forums
  • Answered 6 questions
answered
Super Admin

Safe image handling toggle off can be added in the next version. But this feature is a necessary one because of inline codes in images. To remove the embedded code in the image, you can use image processor software like Adobe Photoshop and save as .jpg again.
Edited by Chan on 19-03-2019 15:30,
0 replies
F
Falk
F
Falk 148
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct

(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
  • Super Admin, joined since
  • Contributed 6,201 posts on the community forums.
  • Started 639 threads in the forums
  • Answered 12 questions
answered
Super Admin

The problem with your image is that it does not pass the safety check due to possible payload embedded. ( Trojan if you will ) as mentioned.
When you open failed images that fail the check, you will find similar lines as the following,
<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?>


PHPFusion do not allow any payloads of any kind to be embedded in image uploads. There are really no way around this one since anyone can attach any script in an Avatar or forum attachment etc.

If our MIME check fail for some reason it can be disabled via the 9 Settings. But this image verify safety check is standard, payloads have nothing to do in images.
You need to make sure that images are clean.
Many sites have been hacked using this method, that is why it is required and it has been so since at least late PHPFusion 6.
A reason that some images start to fail for you now might be that you use new or upgraded programs that add codes to your images that you are not yet aware of.

To be extra specific, In order for our safety checks to be efficient to a wide range of possible attacks we need to search and reject all types of <? and eval(), since your image contain php code it is rejected by Core , default.

See if you can turn off any ID or xml identification injections to images you post process before uploading to your system.
Edited by N/A on 26-03-2019 15:36,
0 replies

Labels

Statistics

  • Views 0 views
  • Posts 4 posts
  • Votes 0 votes
  • Topic users 3 members

3 participants

F
F
Falk 148
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct

(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
  • Super Admin, joined since
  • Contributed 6,201 posts on the community forums.
  • Started 639 threads in the forums
  • Answered 12 questions
C
C
Chan 0
Lead Developer of PHP-Fusion
  • Super Admin, joined since
  • Contributed 3,842 posts on the community forums.
  • Started 232 threads in the forums
  • Answered 6 questions
I
I
  • Member, joined since
  • Contributed 69 posts on the community forums.
  • Started 24 threads in the forums
  • Started this discussions

Notifications

Track thread

You are not receiving notifications from this thread.

Related Questions

Not yet