Attachment type not allowed ...
Asked Modified Viewed 4,757 times
janmol
janmol 10
...........................
Jan Mølgård
PHP-Fusion, Denmark
Phone: 004528966794
Mail: janmol@wordit.dk
Mail: janm@janm.dk
Testsite version 9: http://php-fusion.dk/fusion_9_test/
Jan Mølgård
PHP-Fusion, Denmark
Phone: 004528966794
Mail: janmol@wordit.dk
Mail: janm@janm.dk
Testsite version 9: http://php-fusion.dk/fusion_9_test/
- Veteran Member, joined since
- Contributed 752 posts on the community forums.
- Started 256 threads in the forums
- Started this discussions
Tried to attach a simple jpg-file but got this error message in this site ... :(
Falk
Falk 131
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
- Super Admin, joined since
- Contributed 6,201 posts on the community forums.
- Started 639 threads in the forums
- Answered 11 questions
Double check so the real file format match the list in your settings. ( Forum Settings : Allowed file types: )
janmol
janmol 10
...........................
Jan Mølgård
PHP-Fusion, Denmark
Phone: 004528966794
Mail: janmol@wordit.dk
Mail: janm@janm.dk
Testsite version 9: http://php-fusion.dk/fusion_9_test/
Jan Mølgård
PHP-Fusion, Denmark
Phone: 004528966794
Mail: janmol@wordit.dk
Mail: janm@janm.dk
Testsite version 9: http://php-fusion.dk/fusion_9_test/
- Veteran Member, joined since
- Contributed 752 posts on the community forums.
- Started 256 threads in the forums
- Started this discussions
It was HERE I experienced this - not on my testsite :)
Falk
Falk 131
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
- Super Admin, joined since
- Contributed 6,201 posts on the community forums.
- Started 639 threads in the forums
- Answered 11 questions
You did post in the Beta 9 forum, thread moved. ( Thread moved )
But answer remains the same. it is probably not a matching format, I see many images upload all the time.
Iif you want you can mail me the image and I can double check it.
But answer remains the same. it is probably not a matching format, I see many images upload all the time.
Iif you want you can mail me the image and I can double check it.
janmol
janmol 10
...........................
Jan Mølgård
PHP-Fusion, Denmark
Phone: 004528966794
Mail: janmol@wordit.dk
Mail: janm@janm.dk
Testsite version 9: http://php-fusion.dk/fusion_9_test/
Jan Mølgård
PHP-Fusion, Denmark
Phone: 004528966794
Mail: janmol@wordit.dk
Mail: janm@janm.dk
Testsite version 9: http://php-fusion.dk/fusion_9_test/
- Veteran Member, joined since
- Contributed 752 posts on the community forums.
- Started 256 threads in the forums
- Started this discussions
OK - no big deal :)
answered
It's coz mimetypes is broken and we have known that since it was introduced in 7.02.07 there is lots of threads about it. Use search! lol
[LOCKED]
[LOCKED]
answered
Ok what are we supposed to do to fix this? I am having the same problem with my install of 7.02 I am absolutely positive that it is an allowed file type ( a simple .jpg file) that I am trying to upload in our forums. The same one I will try to attach here but it tells me the same thing in these forums. Attachment type not allowed. I checked includes/mimetypes_include.php and it shows the file type for .jpg and .jpeg but it still will not let me upload the file.
answered
To fix it, you have to fix the image maybe.. try to do this.. open photoshop, resave file to either png or jpg format. In 9.00 we can disable mimecheck header. Not possible before 7.06.
We have encountered hacker uploaded an malicious image containing xss codes inside the image and this exploit was related to IE image flaws back in 06'-07', so our devs introduced the mimecheck to prevent upload of unwanted files because either:
1. filetype is corrupt, and browser filetype responded failed to match our large mimecheck allowed types (we have a big list)
2. filename is not correct
3. file image has codes that can executed offsite. This is xss vulnerabilities and therefore the mimecheck was introduced to prevent that.
4. a 1:1 photoshopped file (uncompressed) could result this. a window bitmap paint image save could also result this. Almost everything happen with .jpg files format. Go for .png.
We have encountered hacker uploaded an malicious image containing xss codes inside the image and this exploit was related to IE image flaws back in 06'-07', so our devs introduced the mimecheck to prevent upload of unwanted files because either:
1. filetype is corrupt, and browser filetype responded failed to match our large mimecheck allowed types (we have a big list)
2. filename is not correct
3. file image has codes that can executed offsite. This is xss vulnerabilities and therefore the mimecheck was introduced to prevent that.
4. a 1:1 photoshopped file (uncompressed) could result this. a window bitmap paint image save could also result this. Almost everything happen with .jpg files format. Go for .png.
answered
You are right. I don't know what it is with the particular image that I try to upload but when I upload a .jpg image that I created with Adobe Fireworks that I saved as a jpg file, it let me upload that image. When I try to upload a jpg file that was a screenshot that was created by my game I play,it won't let me do it even though the game saves the file as a jpg image. I will have to open those files and resave them as a jpg file and see what happens. Thanks for your help.
Edited by N/A on 25-10-2014 13:20,
answered
Thank you. Assumed resolved.
douwe_yntema
douwe_yntema 33
- Senior Member, joined since
- Contributed 667 posts on the community forums.
- Started 57 threads in the forums
- Answered 1 question
answered
Quote
Thank you. Assumed resolved.
- by hien
Yes this issue is resolved. Even though the fix that douwe_yntema posts above will work, the fix he points to is dangerous and I would not recommend it. I am informing all of our users that they will need to resave their images from screenshots that their game creates using a good image editor ( I use Adobe Firewoks) which saves the file in a true .jpg format.
I had same problem before 15 minutes, when one of my users wanted to change avatar. I think, here is bad regex pattern in function verify_image
Code Download source
// Scan image files for malicious code
function verify_image($file) {
$txt = file_get_contents($file);
$image_safe = true;
// if (preg_match('#<?php#i', $txt)) { $image_safe = false; } // this line has BAD regex, cause < and ? is special symbols for regexes this condition is true if u have just $txt = ".....php...." not just for "....<?php....."
if (preg_match('#\<\?php#i', $txt)) { $image_safe = false; } // this is better and function for me
elseif (preg_match('#&(quot|lt|gt|nbsp|<?php);#i', $txt)) { $image_safe = false; }
elseif (preg_match("#&\#x([0-9a-f]+);#i", $txt)) { $image_safe = false; }
elseif (preg_match('#&\#([0-9]+);#i', $txt)) { $image_safe = false; }
elseif (preg_match("#([a-z]*)=([\\'\"]*)script:#iU", $txt)) { $image_safe = false; }
elseif (preg_match("#([a-z]*)=([\\'\"]*)javascript:#iU", $txt)) { $image_safe = false; }
elseif (preg_match("#([a-z]*)=([\'\"]*)vbscript:#iU", $txt)) { $image_safe = false; }
elseif (preg_match("#(<[^>]+)style=([\\'\"]*).*expression\([^>]*>#iU", $txt)) { $image_safe = false; }
elseif (preg_match("#(<[^>]+)style=([\\'\"]*).*behaviour\([^>]*>#iU", $txt)) { $image_safe = false; }
elseif (preg_match("#</*(applet|link|style|script|iframe|frame|frameset)[^>]*>#i", $txt)) { $image_safe = false; }
return $image_safe;
} answered
Indeed, thanks for looking into it and reporting, fixed in v9.
Wanabo
Wanabo 10
- Senior Member, joined since
- Contributed 598 posts on the community forums.
- Started 94 threads in the forums
Excuse me but the fix on github is only partial!!
Line 795: https://github.com/PHPFusion/PHPFusio...incore.php
Should be:
Note the extra slash.
The special regular expression characters are: . \ + * ? [ ^ ] $ ( ) { } = ! < > | : -
So they should be escaped.
Great find btw Jimik85! :)
Line 795: https://github.com/PHPFusion/PHPFusio...incore.php
Code Download source
if (preg_match('#<\?php#i', $txt)) {Should be:
Code Download source
if (preg_match('#\<\?php#i', $txt)) {Note the extra slash.
The special regular expression characters are: . \ + * ? [ ^ ] $ ( ) { } = ! < > | : -
So they should be escaped.
Great find btw Jimik85! :)
answered
That happens when you do things when you're tired. Thanks for reporting, FIXED.. for real now :D
Wanabo
Wanabo 10
- Senior Member, joined since
- Contributed 598 posts on the community forums.
- Started 94 threads in the forums
Can happen. :)
While you're at it fixing slashes, take a look at [Fix] password contains invalid characters!
While you're at it fixing slashes, take a look at [Fix] password contains invalid characters!
answered
So that is just a locale typo, right?
Wanabo
Wanabo 10
- Senior Member, joined since
- Contributed 598 posts on the community forums.
- Started 94 threads in the forums
Correct, but a nasty one. If people use a \ (backslash) in their password they get the message: "Password is too short or contains invalid characters"
Due to the invalid character.
The regex seems ok though.
Due to the invalid character.
The regex seems ok though.
answered
Fixed that too Wanabo, thanks.
Category Forum
Suspected Bugs and Errors - 9Labels
None yet
Statistics
- Views 0 views
- Posts 19 posts
- Votes 0 votes
- Topic users 9 members
9 participants
Falk 131
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
- Super Admin, joined since
- Contributed 6,201 posts on the community forums.
- Started 639 threads in the forums
- Answered 11 questions
janmol 10
...........................
Jan Mølgård
PHP-Fusion, Denmark
Phone: 004528966794
Mail: janmol@wordit.dk
Mail: janm@janm.dk
Testsite version 9: http://php-fusion.dk/fusion_9_test/
Jan Mølgård
PHP-Fusion, Denmark
Phone: 004528966794
Mail: janmol@wordit.dk
Mail: janm@janm.dk
Testsite version 9: http://php-fusion.dk/fusion_9_test/
- Veteran Member, joined since
- Contributed 752 posts on the community forums.
- Started 256 threads in the forums
- Started this discussions
Craig 14
- Fusioneer, joined since
- Contributed 4,462 posts on the community forums.
- Started 212 threads in the forums
Wanabo 10
- Senior Member, joined since
- Contributed 598 posts on the community forums.
- Started 94 threads in the forums
Chan 0
Lead Developer of PHP-Fusion
- Super Admin, joined since
- Contributed 3,841 posts on the community forums.
- Started 232 threads in the forums
- Answered 6 questions
SnakeEye 10
If it aint broke...Don't fix it!
- Junior Member, joined since
- Contributed 37 posts on the community forums.
- Started 15 threads in the forums
JoiNNN 10
- Veteran Member, joined since
- Contributed 850 posts on the community forums.
- Started 100 threads in the forums
douwe_yntema 33
- Senior Member, joined since
- Contributed 667 posts on the community forums.
- Started 57 threads in the forums
- Answered 1 question
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions