I just got 2 pictures rejected that I tried to upload to my site. Both pictures are portraits, and a part of a larger set. Where can I manage the settings to avoid this in the future?
Need help?, Having trouble? • View our Documentation for Guides, Standards and Functions • Name and Organize your Topics and Content correctly in the corresponding Forums for best support results • Attaching Log Files and Screenshots when reporting issues will help • Provide with an URL to live example if one exists • Please read the How to Report an Error post • Please read and comply with the Code of Conduct
There are no setting to toggle this. Images that are uploaded need to be unprocessed by 3d party programs that may add a header tags in the image code. There are many topics about this thru out our forums here.
It is standard .jpg pictures converted from raw in Adobe Lightroom. This is the first time I experience this in PHP Fusion, and I start to consider if PHP Fusion is the right CMS for me. I have used PHPFusion since version 6 and love the concept.
Safe image handling toggle off can be added in the next version. But this feature is a necessary one because of inline codes in images. To remove the embedded code in the image, you can use image processor software like Adobe Photoshop and save as .jpg again.
Need help?, Having trouble? • View our Documentation for Guides, Standards and Functions • Name and Organize your Topics and Content correctly in the corresponding Forums for best support results • Attaching Log Files and Screenshots when reporting issues will help • Provide with an URL to live example if one exists • Please read the How to Report an Error post • Please read and comply with the Code of Conduct
The problem with your image is that it does not pass the safety check due to possible payload embedded. ( Trojan if you will ) as mentioned. When you open failed images that fail the check, you will find similar lines as the following,
PHPFusion do not allow any payloads of any kind to be embedded in image uploads. There are really no way around this one since anyone can attach any script in an Avatar or forum attachment etc.
If our MIME check fail for some reason it can be disabled via the 9 Settings. But this image verify safety check is standard, payloads have nothing to do in images. You need to make sure that images are clean. Many sites have been hacked using this method, that is why it is required and it has been so since at least late PHPFusion 6. A reason that some images start to fail for you now might be that you use new or upgraded programs that add codes to your images that you are not yet aware of.
To be extra specific, In order for our safety checks to be efficient to a wide range of possible attacks we need to search and reject all types of <? and eval(), since your image contain php code it is rejected by Core , default.
See if you can turn off any ID or xml identification injections to images you post process before uploading to your system.
Need help?, Having trouble? • View our Documentation for Guides, Standards and Functions • Name and Organize your Topics and Content correctly in the corresponding Forums for best support results • Attaching Log Files and Screenshots when reporting issues will help • Provide with an URL to live example if one exists • Please read the How to Report an Error post • Please read and comply with the Code of Conduct