It won't let me upload jpegs to the avatars, but lets me use PNGs

wynnyelle · April 23, 2013, 09:08:12 PM

I don't get why, but it is a problem, how can I make it so it lets me upload jpegs too?

I tried several different jpegs before realising it wasn't going to let me upload any of them.

The PNG image was bigger in file size than any of the jpegs, but it uploaded fine anyway.

Kill Em All · April 23, 2013, 10:58:32 PM

Have you tried uploading a jpeg as an attachment in a post out of curiosity?

wynnyelle · April 23, 2013, 11:22:36 PM

I tried and I only get this error:

Quote
Your attachment has failed security checks and cannot be uploaded. Please consult the forum administrator.

Arantor · April 23, 2013, 11:24:51 PM

Yay for Photoshop adding nonsense inside JPEG files that looks suspicious. There's not that much you can do to get around it.

Ricky. · April 23, 2013, 11:42:49 PM

And I think it is something to do with GD for libjpeg version mismatch ,I may be wrong but if possible for you, when try to upload JPG image, do you see any error in apache error log ?
If yes, care to share with us ?

Arantor · April 23, 2013, 11:57:45 PM

QuoteAnd I think it is something to do with GD for libjpeg version mismatch

No, it's not. The error given clearly indicates that it is being caught by SMF's malicious image detection routine. Namely the check for <cellTextIsHtml> inside the body of an image, refer to bug 4953.

wynnyelle · April 24, 2013, 03:11:00 AM

Right, I figured at first it was just a corrupted image so I tried several more from different sources. They are all doing this.

I don't know how or where to access the apache log...care to enlighten me?

I am happy to know that SMF does have an image malware detector, though!

kat · April 24, 2013, 06:37:13 AM

In Admin>Attachments and avatars>Attachment settings, you COULD disable "Perform extensive security checks on uploaded image attachments".

But, of course, you could be leaving yourself open to some smelly brown stuff, as it were.

Up to you, GS...

Storman™ · April 24, 2013, 10:45:19 AM

QuotePerform extensive security checks on uploaded image attachments

I've always had mine tuned off and never had an issue (and we have GB's of attachments). The risk is there but I've come to the conclusion that it's more trouble than it's worth to have it enabled. In some respects it depends on your membership base and whether "in general" you trust em.

I just keep "Re-encode potentially dangerous image attachments" enabled.

wynnyelle · April 24, 2013, 11:38:12 AM

No, I don't want to disable it. Our site has a lot to protect.

But why would it be barring ALL jpegs? Most are clean. This makes no sense. What I need to do is for it to only bar the Jpegs that are actually containing malware.

kat · April 24, 2013, 12:00:28 PM

Just curious, here...

Are the files named with the extension "jpg", or "jpeg"?

Are both affected?

I remember this, from a couple of years back.

http://www.simplemachines.org/community/index.php?topic=418692.0

wynnyelle · April 25, 2013, 12:29:18 AM

"jpg" actually. I think they were all "jpg".

sangham.net · April 25, 2013, 07:56:45 AM

Dear Groovystar, dear supporters,

Maybe to easy and already investigated (so very naive), but have you checked the "Allowed attachment extensions" in the "Administration Center » Attachments and Avatars » Attachment Settings" are those file extensions included (don't know if such has an impact on the avatar as well)

Oldiesmann · April 25, 2013, 12:04:46 PM

Johann, it has nothing to do with whether that extension is allowed. SMF would give a different error if that was a problem.

Arantor · April 25, 2013, 12:08:33 PM

Quote from: Arantor on April 23, 2013, 11:57:45 PM
The error given clearly indicates that it is being caught by SMF's malicious image detection routine. Namely the check for <cellTextIsHtml> inside the body of an image, refer to bug 4953.

Photoshop adds a bunch of junk into JPEG files. This is one of those examples. It won't be *all* JPEGs, just ones with extra rubbish in them.

LiroyvH · April 25, 2013, 12:14:17 PM

Quote from: Groovystar on April 24, 2013, 11:38:12 AM
No, I don't want to disable it. Our site has a lot to protect.

Might I ask why that suddenly is of importance?
Last week or the week before and on other earlier occasions, I had noticed this feature was not enabled on your forum at all; it seems to have been enabled only recently. Why didn't it matter then that it was not enabled, but it does matter now?
Clearly it causes more trouble than it solves with some of the pictures.

Storman™ · April 25, 2013, 03:05:23 PM

QuotePhotoshop adds a bunch of junk into JPEG files. This is one of those examples. It won't be *all* JPEGs, just ones with extra rubbish in them.

Might be wrong but can you not "strip" the junk out ? Thought I remembered doing that some time back...

[Hmmm ... Storman's memory is past it's "sell by" date...]

Arantor · April 25, 2013, 03:26:12 PM

I'm not sure how you'd do that in PS, never having actually *used* it.

SimpleJoe · April 25, 2013, 03:58:41 PM

Perhaps export the image as a Gif or PNG? that should strip any weirdness away from the file

Kill Em All · April 25, 2013, 04:32:09 PM

Quote from: Joseph @ OLI on April 25, 2013, 03:58:41 PM
Perhaps export the image as a Gif or PNG? that should strip any weirdness away from the file

But why should a user have to go through that trouble?

Unfortunately, the bug report doesn't say how it was fixed.
http://dev.simplemachines.org/mantis/view.php?id=4953

News:

It won't let me upload jpegs to the avatars, but lets me use PNGs

kat

kat