pictures rejected because of possible "evil payload"
Asked Modified Viewed 1,603 times
asked
I just got 2 pictures rejected that I tried to upload to my site.
Both pictures are portraits, and a part of a larger set.
Where can I manage the settings to avoid this in the future?
Both pictures are portraits, and a part of a larger set.
Where can I manage the settings to avoid this in the future?
Falk
Falk 131
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
- Super Admin, joined since
- Contributed 6,201 posts on the community forums.
- Started 639 threads in the forums
- Answered 11 questions
There are no setting to toggle this. Images that are uploaded need to be unprocessed by 3d party programs that may add a header tags in the image code. There are many topics about this thru out our forums here.
answered
It is standard .jpg pictures converted from raw in Adobe Lightroom.
This is the first time I experience this in PHP Fusion, and I start to consider if PHP Fusion is the right CMS for me.
I have used PHPFusion since version 6 and love the concept.
This is the first time I experience this in PHP Fusion, and I start to consider if PHP Fusion is the right CMS for me.
I have used PHPFusion since version 6 and love the concept.
answered
Safe image handling toggle off can be added in the next version. But this feature is a necessary one because of inline codes in images. To remove the embedded code in the image, you can use image processor software like Adobe Photoshop and save as .jpg again.
Edited by Chan on 19-03-2019 16:30,
Falk
Falk 131
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
- Super Admin, joined since
- Contributed 6,201 posts on the community forums.
- Started 639 threads in the forums
- Answered 11 questions
The problem with your image is that it does not pass the safety check due to possible payload embedded. ( Trojan if you will ) as mentioned.
When you open failed images that fail the check, you will find similar lines as the following,
PHPFusion do not allow any payloads of any kind to be embedded in image uploads. There are really no way around this one since anyone can attach any script in an Avatar or forum attachment etc.
If our MIME check fail for some reason it can be disabled via the 9 Settings. But this image verify safety check is standard, payloads have nothing to do in images.
You need to make sure that images are clean.
Many sites have been hacked using this method, that is why it is required and it has been so since at least late PHPFusion 6.
A reason that some images start to fail for you now might be that you use new or upgraded programs that add codes to your images that you are not yet aware of.
To be extra specific, In order for our safety checks to be efficient to a wide range of possible attacks we need to search and reject all types of <? and eval(), since your image contain php code it is rejected by Core , default.
See if you can turn off any ID or xml identification injections to images you post process before uploading to your system.
When you open failed images that fail the check, you will find similar lines as the following,
Code Download source
<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?>PHPFusion do not allow any payloads of any kind to be embedded in image uploads. There are really no way around this one since anyone can attach any script in an Avatar or forum attachment etc.
If our MIME check fail for some reason it can be disabled via the 9 Settings. But this image verify safety check is standard, payloads have nothing to do in images.
You need to make sure that images are clean.
Many sites have been hacked using this method, that is why it is required and it has been so since at least late PHPFusion 6.
A reason that some images start to fail for you now might be that you use new or upgraded programs that add codes to your images that you are not yet aware of.
To be extra specific, In order for our safety checks to be efficient to a wide range of possible attacks we need to search and reject all types of <? and eval(), since your image contain php code it is rejected by Core , default.
See if you can turn off any ID or xml identification injections to images you post process before uploading to your system.
Edited by N/A on 26-03-2019 16:36,
Category Forum
Content Administration - 9Labels
Statistics
- Views 0 views
- Posts 4 posts
- Votes 0 votes
- Topic users 3 members
3 participants
Falk 131
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
- Super Admin, joined since
- Contributed 6,201 posts on the community forums.
- Started 639 threads in the forums
- Answered 11 questions
Chan 0
Lead Developer of PHP-Fusion
- Super Admin, joined since
- Contributed 3,841 posts on the community forums.
- Started 232 threads in the forums
- Answered 6 questions
iceman50 10
- Member, joined since
- Contributed 69 posts on the community forums.
- Started 24 threads in the forums
- Started this discussions
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions