IMG TAG/Autofunction "Limit Display Size in Tag" failed in Guest hidden Boards
petb:
Seen on Version 2.0.2 and older Versions.
Short Description:
Display an Attachment in hidden Boards, won't be auto reduced in Display Size within the Post when storing the Post.
Large Description:
A User posts a Picture as an Attachment in a Board which is freely viewable for Guests.
Then he wants to Display the Picture-Attachment in the Message Area.
So he edits the Post, uses the Link to the Attachment, includes it within the IMG Tags and saves the Post.
Now by saving the Post, the Forum Code checks if the Dimensions of the Picture are bigger than the Adjustment in the Admin Area (Max Width and Max Height for Display Image within Posts).
If the Image was bigger, the Forum Code places "width=xxx height=yyy" into the IMG Tag.
Now everything was fine, the Image was displayed smaller and if you click on the Image it gets Bigger, as it should.
But for this Automation, it was necessary for the Forum Code to reach the Attachment with Guest Rights.
If you do this in a Board hidden from Guests, the Function would fail, because it can't reach the Attachment with Guest Rights.
The CHECK of the Imagesize in the Forum Code tries to use different Methods, fsockopen and others.
But for all, I believe, the Attachment must be viewable for All?
--- Code: ---
// Try to connect to the server... give it half a second.
$temp = 0;
$fp = @fsockopen($match[1], 80, $temp, $temp, 0.5);
// Successful? Continue...
if ($fp != false)
{
	// Send the HEAD request (since we don't have to worry about chunked, HTTP/1.1 is fine here.)
	fwrite($fp, 'HEAD /' . $match[2] . ' HTTP/1.1' . "\r\n" . 'Host: ' . $match[1] . "\r\n" . 'User-Agent: PHP/SMF' . "\r\n" . 'Connection: close' . "\r\n\r\n");
	// ... (excerpt ends here)
}
--- End code ---
Even the first try gets a 403 Error.
Also the Second Try to read the Image and build a new one fails with a 403 Error.
--- Code: ---
// It's going to hate us for doing this, but another request...
$image = @imagecreatefromstring(fetch_web_data($url));
--- End code ---
So at this Stage in the Code, I think the Forum Code better should check if the Image itself was an external Image or an internal Attachment.
If it was an internal Attachment it should use the Values for this Attachment, stored in the DB, or should get the Dimension directly from the Attachment.
Maybe the same Way like the Forum Code did in the Admin Control Panel in the List of the Attachments, in the First Column.
There, the dimensions of the Pictures are listed behind the Names of the Attachments.
Unless this was fixed, you have to put the width and height Values in the IMG Tags manually.
Maybe we can allow the server/Forum Code itself in the Display.php to get(Download) the Attachment after/in this Section ?
--- Code: ---
// Download an attachment.
function Download()
--- End code ---
Or where does the Forum check the Right to access an Attachment?
There we could allow the Access for the Own Server/Forum Code ?
Instead of Retrieving the Values from the DB ?
Arantor:
How big is the picture, exactly? (both in terms of physical size and image dimensions)
petb:
For example a 1280x920 with 121 KByte,
Forum Max width and height adjust to 640x480
But, no matter which Size or Dimensions!
The same Image in a Board viewable for Guests, is working fine.
I am 100% sure that this is related to the Situation I described.
I have checked the Server Logs.
--- Code: ---
Server IP - - [20/May/2012:14:52:42 +0200] "HEAD /index.php?action=dlattach;topic=2209.0;attach=4322;image HTTP/1.1" 403 - "-" "PHP/SMF"
--- End code ---
Which is the result from the Code here:
--- Code: ---
// Send the HEAD request (since we don't have to worry about chunked, HTTP/1.1 is fine here.)
fwrite($fp, 'HEAD /' . $match[2] . ' HTTP/1.1' . "\r\n" . 'Host: ' . $match[1] . "\r\n" . 'User-Agent: PHP/SMF' . "\r\n" . 'Connection: close' . "\r\n\r\n");
--- End code ---
The Code itself gets a 403, which is normal because the affected Attachment was not viewable without Permission.
The Code itself has no access Right, because the php function acts with the Server IP as a Guest User, direct on the Server, not from the user Sight.
So the php Code listed above was not a Forum User.
The Forum hasn't and couldn't set a session id to the php code.
To get the Forum Code the rights as a user, it has to log in with the user ID via php to get access with user rights instead of Guest Rights.
Like this:
--- Code: ---
// Before we can see the Attachment we have to take care that we are logged in as a user which has rights to access the attachment
// ... php code to log in with user data (login name, password)
// after login, getting the session id and so on we can go further with accessing the attachment.
// Send the HEAD request (since we don't have to worry about chunked, HTTP/1.1 is fine here.)
fwrite($fp, 'HEAD /' . $match[2] . ' HTTP/1.1' . "\r\n" . 'Host: ' . $match[1] . "\r\n" . 'User-Agent: PHP/SMF' . "\r\n" . 'Connection: close' . "\r\n\r\n");
--- End code ---
Without a login the Code has only the rights like a Guest.
So I think a better Way was to switch between external hosted Images and Forum Attachments, to handle each of them separately.
Arantor:
*nods* You're right, just that there are other circumstances that can cause this behaviour (namely if the file is too large to be handled)
The problem with it validating the length in the way you're suggesting is that it can actually open the not-visible-to-guests file to guests, there's no safe way to send it.
You see, the only way to be signed in to SMF is with a cookie, and you can't send that cookie directly/safely/cleanly in the request to get the information of the image size.
petb:
OK, so back to my Wish to handle external Images differently to Forum-Owned Attachments, where the Access Rights/restrictions could be handled through Forum Code.
--------------------------
if (attachment url != domain){
    //go through the original code to handle external attachments
}else{
    //attachment stays in forum
    if (user_allowed_to_view_the_attachment){
        //check attachment values from attachment context or something forum designed code
    }
}
--------------------
I will take a look to see if I find something in the DB (attachment context)
The expensive Way is to get the attachment_hash (filename) with an own DB Query and then check the file location www.yourserver.com/attachments/attachment_hash
But i hope at this Stage in the subs.php in the function url_image_size($url)
there was an easier Way to become the attachment infos.... ?
Because the calling Process,... Posting the Post possibly already has this information?
Which he can pass to the Function?
Or can be accessed by a global?
The Calling Process has something like ....isAllowedtoView...
so there is the check if the user was allowed to view already done?
So my Main Question was:
Is there a Way to get the attachment Infos within the function url_image_size($url) in the Subs.php
without coding an own DB Query for that ?
OR
Is it possible to handle Forum-Owned Attachment Infos within the parent Process?
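
The split proposed in this thread between external images and forum-owned attachments, sketched as an added example (not part of the thread and not SMF code): the function names, the two callback hooks and the `forum.example` / `images.example` hosts are assumptions, and the sample record is constructed. For a forum-owned attachment the size comes from the stored record after a permission check for the posting user, so no loopback HTTP request and no forwarded login cookie are needed.

```php
<?php
// Added example. All names here are hypothetical; none of them are SMF functions.

// Return the attachment id if $url is a dlattach link on the forum's own host, else null.
function forum_attachment_id(string $url, string $forumUrl): ?int
{
    $u = parse_url($url);
    $f = parse_url($forumUrl);
    if (!isset($u['host'], $f['host'], $u['query']) || strcasecmp($u['host'], $f['host']) !== 0)
        return null;

    // The logged URL separates parameters with ';', which parse_str() does not split on.
    $params = array();
    foreach (preg_split('/[;&]/', $u['query'], -1, PREG_SPLIT_NO_EMPTY) as $pair)
    {
        $kv = explode('=', $pair, 2);
        $params[$kv[0]] = isset($kv[1]) ? $kv[1] : '';
    }
    if (!isset($params['action'], $params['attach']) || $params['action'] !== 'dlattach' || !ctype_digit($params['attach']))
        return null;

    return (int) $params['attach'];
}

// Decide how to size an [img] URL without requesting local attachments over HTTP.
// $canView(int $id): bool       permission check for the posting user (hypothetical hook)
// $storedSize(int $id): ?array  array(width, height) from the attachment record (hypothetical hook)
function image_size_for_post(string $url, string $forumUrl, callable $canView, callable $storedSize): array
{
    $id = forum_attachment_id($url, $forumUrl);
    if ($id === null)
        return array('source' => 'external', 'size' => null); // use the existing remote check
    if (!$canView($id))
        return array('source' => 'attachment', 'size' => null); // no access: reveal nothing
    return array('source' => 'attachment', 'size' => $storedSize($id));
}

// Constructed sample data: attachment 4322 is 1280x920 and visible to the poster.
$sizes = array(4322 => array(1280, 920));
$canView = function (int $id): bool { return $id === 4322; };
$storedSize = function (int $id) use ($sizes): ?array { return isset($sizes[$id]) ? $sizes[$id] : null; };

$forum = 'http://forum.example/index.php';
print_r(image_size_for_post('http://forum.example/index.php?action=dlattach;topic=2209.0;attach=4322;image', $forum, $canView, $storedSize));
print_r(image_size_for_post('http://images.example/pic.jpg', $forum, $canView, $storedSize));
```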