Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Not a member yet? Click here to register.
Forgot Password?

Attachment type not allowed ...

Asked Modified Viewed 4,883 times
J
janmol
J
janmol 10
...........................
Jan Mølgård
PHP-Fusion, Denmark
Phone: 004528966794
Mail: janmol@wordit.dk
Mail: janm@janm.dk

Testsite version 9: http://php-fusion.dk/fusion_9_test/
  • Veteran Member, joined since
  • Contributed 752 posts on the community forums.
  • Started 256 threads in the forums
  • Started this discussions
asked
Veteran Member

Tried to attach a simple jpg-file but got this error message in this site ... :(
0 replies

19 posts

F
Falk
F
Falk 146
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct

(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
  • Super Admin, joined since
  • Contributed 6,201 posts on the community forums.
  • Started 639 threads in the forums
  • Answered 12 questions
answered
Super Admin

Double check so the real file format match the list in your settings. ( Forum Settings : Allowed file types: )
0 replies
J
janmol
J
janmol 10
...........................
Jan Mølgård
PHP-Fusion, Denmark
Phone: 004528966794
Mail: janmol@wordit.dk
Mail: janm@janm.dk

Testsite version 9: http://php-fusion.dk/fusion_9_test/
  • Veteran Member, joined since
  • Contributed 752 posts on the community forums.
  • Started 256 threads in the forums
  • Started this discussions
answered
Veteran Member

It was HERE I experienced this - not on my testsite :)
0 replies
F
Falk
F
Falk 146
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct

(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
  • Super Admin, joined since
  • Contributed 6,201 posts on the community forums.
  • Started 639 threads in the forums
  • Answered 12 questions
answered
Super Admin

You did post in the Beta 9 forum, thread moved. ( Thread moved )
But answer remains the same. it is probably not a matching format, I see many images upload all the time.
Iif you want you can mail me the image and I can double check it.
0 replies
J
janmol
J
janmol 10
...........................
Jan Mølgård
PHP-Fusion, Denmark
Phone: 004528966794
Mail: janmol@wordit.dk
Mail: janm@janm.dk

Testsite version 9: http://php-fusion.dk/fusion_9_test/
  • Veteran Member, joined since
  • Contributed 752 posts on the community forums.
  • Started 256 threads in the forums
  • Started this discussions
answered
Veteran Member

OK - no big deal :)
0 replies
C
Craig
C
Craig 14
  • Fusioneer, joined since
  • Contributed 4,462 posts on the community forums.
  • Started 212 threads in the forums
answered
Fusioneer

It's coz mimetypes is broken and we have known that since it was introduced in 7.02.07 there is lots of threads about it. Use search! lol

[LOCKED]
0 replies
S
SnakeEye
S
If it aint broke...Don't fix it!
  • Junior Member, joined since
  • Contributed 37 posts on the community forums.
  • Started 15 threads in the forums
answered
Junior Member

Ok what are we supposed to do to fix this? I am having the same problem with my install of 7.02 I am absolutely positive that it is an allowed file type ( a simple .jpg file) that I am trying to upload in our forums. The same one I will try to attach here but it tells me the same thing in these forums. Attachment type not allowed. I checked includes/mimetypes_include.php and it shows the file type for .jpg and .jpeg but it still will not let me upload the file.
0 replies
C
Chan
C
Chan 0
Lead Developer of PHP-Fusion
  • Super Admin, joined since
  • Contributed 3,842 posts on the community forums.
  • Started 232 threads in the forums
  • Answered 6 questions
answered
Super Admin

To fix it, you have to fix the image maybe.. try to do this.. open photoshop, resave file to either png or jpg format. In 9.00 we can disable mimecheck header. Not possible before 7.06.

We have encountered hacker uploaded an malicious image containing xss codes inside the image and this exploit was related to IE image flaws back in 06'-07', so our devs introduced the mimecheck to prevent upload of unwanted files because either:
1. filetype is corrupt, and browser filetype responded failed to match our large mimecheck allowed types (we have a big list)
2. filename is not correct
3. file image has codes that can executed offsite. This is xss vulnerabilities and therefore the mimecheck was introduced to prevent that.
4. a 1:1 photoshopped file (uncompressed) could result this. a window bitmap paint image save could also result this. Almost everything happen with .jpg files format. Go for .png.
0 replies
S
SnakeEye
S
If it aint broke...Don't fix it!
  • Junior Member, joined since
  • Contributed 37 posts on the community forums.
  • Started 15 threads in the forums
answered
Junior Member

You are right. I don't know what it is with the particular image that I try to upload but when I upload a .jpg image that I created with Adobe Fireworks that I saved as a jpg file, it let me upload that image. When I try to upload a jpg file that was a screenshot that was created by my game I play,it won't let me do it even though the game saves the file as a jpg image. I will have to open those files and resave them as a jpg file and see what happens. Thanks for your help.
Edited by N/A on 25-10-2014 13:20,
0 replies
C
Chan
C
Chan 0
Lead Developer of PHP-Fusion
  • Super Admin, joined since
  • Contributed 3,842 posts on the community forums.
  • Started 232 threads in the forums
  • Answered 6 questions
answered
Super Admin

Thank you. Assumed resolved.
0 replies
D
douwe_yntema
D
  • Senior Member, joined since
  • Contributed 667 posts on the community forums.
  • Started 57 threads in the forums
  • Answered 1 question
answered
Senior Member

S
SnakeEye
S
If it aint broke...Don't fix it!
  • Junior Member, joined since
  • Contributed 37 posts on the community forums.
  • Started 15 threads in the forums
answered
Junior Member

Quote

Thank you. Assumed resolved.
- by hien


Yes this issue is resolved. Even though the fix that douwe_yntema posts above will work, the fix he points to is dangerous and I would not recommend it. I am informing all of our users that they will need to resave their images from screenshots that their game creates using a good image editor ( I use Adobe Firewoks) which saves the file in a true .jpg format.
0 replies
J
Jimik85
J
  • Newbie, joined since
  • Contributed 1 post on the community forums.
answered
Newbie

I had same problem before 15 minutes, when one of my users wanted to change avatar. I think, here is bad regex pattern in function verify_image
// Scan image files for malicious code
function verify_image($file) {
   $txt = file_get_contents($file);
   $image_safe = true;
//   if (preg_match('#<?php#i', $txt)) { $image_safe = false; } // this line has BAD regex, cause < and ? is special symbols for regexes this condition is true if u have just $txt = ".....php...." not just for "....<?php....."
   if (preg_match('#\<\?php#i', $txt)) { $image_safe = false; } // this is better and function for me
   elseif (preg_match('#&(quot|lt|gt|nbsp|<?php);#i', $txt)) { $image_safe = false; }
   elseif (preg_match("#&\#x([0-9a-f]+);#i", $txt)) { $image_safe = false; }
   elseif (preg_match('#&\#([0-9]+);#i', $txt)) { $image_safe = false; }
   elseif (preg_match("#([a-z]*)=([\\'\"]*)script:#iU", $txt)) { $image_safe = false; }
   elseif (preg_match("#([a-z]*)=([\
\'\"]*)javascript:#iU", $txt)) { $image_safe = false; }
   elseif (preg_match("#([a-z]*)=([\'\"]*)vbscript:#iU", $txt)) { $image_safe = false; }
   elseif (preg_match("#(<[^>]+)style=([\\'\"]*).*expression\([^>]*>#iU", $txt)) { $image_safe = false; }
   elseif (preg_match("#(<[^>]+)style=([\
\'\"]*).*behaviour\([^>]*>#iU", $txt)) { $image_safe = false; }
   elseif (preg_match("#</*(applet|link|style|script|iframe|frame|frameset)[^>]*>#i", $txt)) { $image_safe = false; }
   return $image_safe;
}
0 replies
J
JoiNNN
J
JoiNNN 10
  • Veteran Member, joined since
  • Contributed 850 posts on the community forums.
  • Started 100 threads in the forums
answered
Veteran Member

Indeed, thanks for looking into it and reporting, fixed in v9.
0 replies
W
Wanabo
W
Wanabo 10
www.probemyip.com/probe-my-ip-80x15.png
pHp-Fusion.Asia & pHp-Fusion.Fr & pHp-Fusion.Cn are available for a localized support community. Send PB for info.
  • Senior Member, joined since
  • Contributed 598 posts on the community forums.
  • Started 94 threads in the forums
answered
Senior Member

Excuse me but the fix on github is only partial!!
Line 795: https://github.com/PHPFusion/PHPFusio...incore.php

   if (preg_match('#<\?php#i', $txt)) {

Should be:
   if (preg_match('#\<\?php#i', $txt)) {

Note the extra slash.

The special regular expression characters are: . \ + * ? [ ^ ] $ ( ) { } = ! < > | : -
So they should be escaped.

Great find btw Jimik85! :)
0 replies
J
JoiNNN
J
JoiNNN 10
  • Veteran Member, joined since
  • Contributed 850 posts on the community forums.
  • Started 100 threads in the forums
answered
Veteran Member

That happens when you do things when you're tired. Thanks for reporting, FIXED.. for real now :D
0 replies
W
Wanabo
W
Wanabo 10
www.probemyip.com/probe-my-ip-80x15.png
pHp-Fusion.Asia & pHp-Fusion.Fr & pHp-Fusion.Cn are available for a localized support community. Send PB for info.
  • Senior Member, joined since
  • Contributed 598 posts on the community forums.
  • Started 94 threads in the forums
answered
Senior Member

Can happen. :)
While you're at it fixing slashes, take a look at [Fix] password contains invalid characters!
0 replies
J
JoiNNN
J
JoiNNN 10
  • Veteran Member, joined since
  • Contributed 850 posts on the community forums.
  • Started 100 threads in the forums
answered
Veteran Member

So that is just a locale typo, right?
0 replies
W
Wanabo
W
Wanabo 10
www.probemyip.com/probe-my-ip-80x15.png
pHp-Fusion.Asia & pHp-Fusion.Fr & pHp-Fusion.Cn are available for a localized support community. Send PB for info.
  • Senior Member, joined since
  • Contributed 598 posts on the community forums.
  • Started 94 threads in the forums
answered
Senior Member

Correct, but a nasty one. If people use a \ (backslash) in their password they get the message: "Password is too short or contains invalid characters"
Due to the invalid character.

The regex seems ok though.
0 replies
J
JoiNNN
J
JoiNNN 10
  • Veteran Member, joined since
  • Contributed 850 posts on the community forums.
  • Started 100 threads in the forums
answered
Veteran Member

Fixed that too Wanabo, thanks.
0 replies

Labels

None yet

Statistics

  • Views 0 views
  • Posts 19 posts
  • Votes 0 votes
  • Topic users 9 members

9 participants

F
F
Falk 146
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct

(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
  • Super Admin, joined since
  • Contributed 6,201 posts on the community forums.
  • Started 639 threads in the forums
  • Answered 12 questions
J
J
janmol 10
...........................
Jan Mølgård
PHP-Fusion, Denmark
Phone: 004528966794
Mail: janmol@wordit.dk
Mail: janm@janm.dk

Testsite version 9: http://php-fusion.dk/fusion_9_test/
  • Veteran Member, joined since
  • Contributed 752 posts on the community forums.
  • Started 256 threads in the forums
  • Started this discussions
C
C
Craig 14
  • Fusioneer, joined since
  • Contributed 4,462 posts on the community forums.
  • Started 212 threads in the forums
W
W
Wanabo 10
www.probemyip.com/probe-my-ip-80x15.png
pHp-Fusion.Asia & pHp-Fusion.Fr & pHp-Fusion.Cn are available for a localized support community. Send PB for info.
  • Senior Member, joined since
  • Contributed 598 posts on the community forums.
  • Started 94 threads in the forums
C
C
Chan 0
Lead Developer of PHP-Fusion
  • Super Admin, joined since
  • Contributed 3,842 posts on the community forums.
  • Started 232 threads in the forums
  • Answered 6 questions
S
S
If it aint broke...Don't fix it!
  • Junior Member, joined since
  • Contributed 37 posts on the community forums.
  • Started 15 threads in the forums
J
J
JoiNNN 10
  • Veteran Member, joined since
  • Contributed 850 posts on the community forums.
  • Started 100 threads in the forums
D
D
  • Senior Member, joined since
  • Contributed 667 posts on the community forums.
  • Started 57 threads in the forums
  • Answered 1 question
J
J
  • Newbie, joined since
  • Contributed 1 post on the community forums.

Notifications

Track thread

You are not receiving notifications from this thread.

Related Questions

Not yet