When I try uploading a jpg avatar to my profile, it comes out as a broken image

Started by Biology Forums, May 21, 2014, 04:58:24 PM


Biology Forums

Well then, thanks for your help. Strange how no one else has ever complained about this. I did a search and nothing showed up.

Biology Forums

Hey again,

I found exactly where the problem is, it's in Subs-Graphics.php, precisely here:

elseif ($fp)
{
    $fp2 = fopen($url, 'rb');
    $prev_chunk = '';
    while (!feof($fp2))
    {
        $cur_chunk = fread($fp2, 8192);

        // Make sure nothing odd came through.
        if (preg_match('~(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script\W)~', $prev_chunk . $cur_chunk) === 1)
        {
            fclose($fp2);
            fclose($fp);
            unlink($destName);
            return false;
        }

        fwrite($fp, $cur_chunk);
        $prev_chunk = $cur_chunk;
    }
    fclose($fp2);
    fclose($fp);
}


If I remove ~(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script\W)~, which of course I haven't, these avatars are uploaded as they should.

Can anyone tell me what I can do to the above code to make this work correctly on SMF 1.x?

Thanks Arantor for your help explaining what the code does.
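
Added example, not part of the original thread and not SMF code: a small diagnostic that repeats the chunked scan quoted above and reports which alternative of the pattern matched and at what byte offset, so a rejected JPEG can be traced to the text that tripped the check. The helper name `find_rejected_token` and the sample bytes are assumptions constructed for illustration.

```php
<?php
// Added diagnostic sketch, not SMF code. The pattern is copied from the
// Subs-Graphics.php excerpt quoted in the post above.
const SCAN_PATTERN = '~(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script\W)~';

// Hypothetical helper: repeats the quoted chunked scan, but returns the token
// and file offset that caused the rejection (null if the file passes).
function find_rejected_token(string $path, int $chunkSize = 8192): ?array
{
    $fp = fopen($path, 'rb');
    if ($fp === false) {
        throw new RuntimeException("cannot open $path");
    }
    $prev = '';
    $pos = 0; // file offset at which the current chunk starts
    while (!feof($fp)) {
        $cur = fread($fp, $chunkSize);
        if ($cur === false || $cur === '') {
            break;
        }
        // Previous and current chunk are joined so that a token split across
        // a chunk boundary is still seen, as in the original loop.
        if (preg_match(SCAN_PATTERN, $prev . $cur, $m, PREG_OFFSET_CAPTURE) === 1) {
            fclose($fp);
            return ['token' => $m[0][0], 'offset' => $pos - strlen($prev) + $m[0][1]];
        }
        $pos += strlen($cur);
        $prev = $cur;
    }
    fclose($fp);
    return null;
}

// Constructed sample: JPEG start marker, a COM (comment) segment holding a
// caption, zero padding, end marker. No script content, only the word "body".
$caption = 'Frog body plan, dorsal view';
$jpegLike = "\xFF\xD8\xFF\xFE" . pack('n', strlen($caption) + 2) . $caption
    . str_repeat("\x00", 9000) . "\xFF\xD9";

$tmp = tempnam(sys_get_temp_dir(), 'avatar_');
file_put_contents($tmp, $jpegLike);
$hit = find_rejected_token($tmp);
unlink($tmp);

echo $hit === null
    ? "passes the scan\n"
    : sprintf("rejected: token '%s' at byte offset %d\n", $hit['token'], $hit['offset']);
```

Running it against a copy of a rejected avatar shows whether the match is plain text in a metadata or comment field rather than markup.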

Arantor

if (preg_match('~(iframe|html|eval|body|script\W|[CF]WS[\x01-\x0C])~i', $prev_chunk . $cur_chunk) === 1)

Biology Forums

Didn't work, image doesn't upload and so avatar comes out broken.

Worst part is that there is no error programmed to tell the member either, so members are left guessing what the problem is, and then eventually give up.

Arantor

Considering that I took it directly from 2.0... where the more paranoid check came from, and this time picked the less paranoid one...

Biology Forums

This is how 2.x handles it (in Profile-Modify.php):

if (!empty($modSettings['avatar_resize_upload']))
{
    // Attempt to chmod it.
    @chmod($uploadDir . '/avatar_tmp_' . $memID, 0644);

    require_once($sourcedir . '/Subs-Graphics.php');
    if (!downloadAvatar($uploadDir . '/avatar_tmp_' . $memID, $memID, $modSettings['avatar_max_width_upload'], $modSettings['avatar_max_height_upload']))
        return 'bad_avatar';

    // Reset attachment avatar data.
    $cur_profile['id_attach'] = $modSettings['new_avatar_data']['id'];
    $cur_profile['filename'] = $modSettings['new_avatar_data']['filename'];
    $cur_profile['attachment_type'] = $modSettings['new_avatar_data']['type'];
}
else
    return 'bad_avatar';


Notice the:

require_once($sourcedir . '/Subs-Graphics.php');
if (!downloadAvatar($uploadDir . '/avatar_tmp_' . $memID, $memID, $modSettings['avatar_max_width_upload'], $modSettings['avatar_max_height_upload']))

This is how 1.x handles it (in profile.php):

if (!empty($modSettings['avatar_resize_upload']))
{
    // Attempt to chmod it.
    @chmod($uploadDir . '/avatar_tmp_' . $memID, 0644);

    require_once($sourcedir . '/Subs-Graphics.php');
    downloadAvatar($uploadDir . '/avatar_tmp_' . $memID, $memID, $modSettings['avatar_max_width_upload'], $modSettings['avatar_max_height_upload']);
}
else
    $post_errors[] = 'bad_avatar';


Can you help me understand why the SMF 1 version doesn't have an IF statement for downloadAvatar?

Arantor

*shrug* You're asking me to remember why I did or didn't do something a year ago, I don't remember. I remember I didn't care enough about 1.1.x to be as thorough about it as I should, though.

Kindred

1.1.x is almost End of Life, anyway...    you should upgrade to 2.0.
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."
