Upload of image fails

[datex]

Hi

I'm using SMF 2.0.8 - When I try to upload a certain image - it fails the security check. But I cannot figure out why. I have tried to remove EXIF from the image - but it didn't help. Any idea what might be wrong?

[Night09]

It could be your hosts security mod set too high. You may have to ask them to check it out.

[kat]

How about attaching the image, here?

[datex]

You can find the image here: https://files.secureserver.net/0sL5S8YV3JDcaw [nofollow]

[Antechinus]

It's a 5 meg image, which is huge. How high are your attachment limits set?

[datex]

Hi

In SMF it is set to 0 (for unlimited). I tried to scale it in GIMP - and when export it (size 1.44 MB) - it still fails (of course GIMP can now have made some changes that make it to fail :-S ).

[kat]

Too big to attach, here. You could always make sure that "Perform extensive security checks on uploaded image attachments", in Attachment Settings", isn't checked. After all, the note does say "The extensive security checks can result in a large number of rejected attachments."

But, attaching images that are that big will mean that the space, on the server, is gonna be used-up pretty quickly.

[Kindred]

And also... Attachment size, in smf admin is only one spot to set...   There is a Max upload size setting in the SERVER configuration as well...

[datex]

Hi

I have checked:

Perform extensive security checks is turned OFF
The PHP configuration says: upload_max_filesize   200M
I have managed to upload file at size 5207KB without any problems.

[Arantor]

What *exactly* happens when it fails? Do you get an error, if so what does it say exactly?

[datex]

I get this error message: (Is it possible to see a more thorough error message)

Your attachment has failed security checks and cannot be uploaded. Please consult the forum administrator.

[Arantor]

In which case I'm assuming it's the long standing bug where Photoshop leaves in its own proprietary nonsense, <cellTextIsHtml> which falls foul of the test for malice, even the less paranoid check.

To adjust this, Subs-Graphics.php:

Code Select Expand

// Check for potential infection
if (preg_match('~(iframe|html|eval|body|script\W|[CF]WS[\x01-\x0C])~i', $prev_chunk . $cur_chunk) === 1)
{
fclose($fp);
return false;
}

Replace with:

Code Select Expand

// Check for potential infection
if (preg_match('~(iframe|(?<!cellTextIs)html|eval|body|script\W|[CF]WS[\x01-\x0C])~i', $prev_chunk . $cur_chunk) === 1)
{
fclose($fp);
return false;
}

This is already in 2.1, but I'd encourage this be changed in future 2.0 releases.

[datex]

Strange - still the same error

[datex]

No idea - what might be wrong?

Is there a way to enable more logging?

[Arantor]

Any chance you could upload it somewhere for us to look at?

[datex]

The image - you can  download it here: https://files.secureserver.net/0sL5S8YV3JDcaw [nofollow]

[kat]

Attaching, here, just to see if it'll work, even though it's insanely HUGE!

(I suspect it'll get rejected, as it's so big).

Edit: Yeah, it's WAY too bog, for here. I think the sheer size of the thing's your problem. What if you shrink it? I've made it 1024x768 and attached it, to this.

[datex]

It might be some of the problem. I have the same error with another image (size 4.69 MB) - however I was able to upload an image with the size of (5.08 MB). The 2 images I have mentioned are not upright - might that be some of the problem - combined with the size?

[Arantor]

It should not be related to size or rotation, but there is something in the file that's throwing it off. Just haven't found what yet.

[Night09]

If you download the image then a bit of a longshot but the properties of the image contain a fair bit of information.

(Im on win 7 here)  If you look under details at the bottom theres the option to remove properties and personal information. It may be something contained in that causing the security to reject the image. Same with the new one you mention if its the same source.