Simple Machines Community Forum

SMF Support => SMF 2.0.x Support => Topic started by: tarantula901 on August 26, 2019, 01:42:41 PM

Title: Your attachment has failed security checks and cannot be uploaded failure
Post by: tarantula901 on August 26, 2019, 01:42:41 PM

Is there a solution to this problem
Title: Re: Your attachment has failed security checks and cannot be uploaded failure
Post by: Kindred on August 26, 2019, 02:57:27 PM
well, maybe it's not a problem.... maybe the attachment HAS valid security issues....

What is the attachment?
Title: Re: Your attachment has failed security checks and cannot be uploaded failure
Post by: tarantula901 on August 26, 2019, 03:06:00 PM
well, maybe it's not a problem.... maybe the attachment HAS valid security issues....

What is the attachment?

Actually, the problem is; Images containing exif do not load. How do I overcome this problem?
Title: Re: Your attachment has failed security checks and cannot be uploaded failure
Post by: Arantor on August 26, 2019, 03:59:52 PM
Turn off the security check, it has always been overzealous.
Title: Re: Your attachment has failed security checks and cannot be uploaded failure
Post by: tarantula901 on August 26, 2019, 04:35:25 PM
Turn off the security check, it has always been overzealous.


Where do we turn off the security check?
Title: Re: Your attachment has failed security checks and cannot be uploaded failure
Post by: Kindred on August 26, 2019, 04:49:43 PM
https://wiki.simplemachines.org/smf/SMF2.0:Attachments_and_Avatars
Perform extensive security checks on uploaded image attachments
Title: Re: Your attachment has failed security checks and cannot be uploaded failure
Post by: tarantula901 on August 26, 2019, 05:25:56 PM
https://wiki.simplemachines.org/smf/SMF2.0:Attachments_and_Avatars
Perform extensive security checks on uploaded image attachments

This link did not help me. There is nothing restricted by hosting exif image external pictures are being loaded easily. Collective exif images cannot be loaded. This error gives me what I need to do to upload exif images. I use the settings in the link you have already made there I need to make a different setting. what it sets

What settings do I have to do to upload exif images?
Title: Re: Your attachment has failed security checks and cannot be uploaded failure
Post by: Illori on August 26, 2019, 06:02:50 PM
https://wiki.simplemachines.org/smf/SMF2.0:Attachments_and_Avatars
Perform extensive security checks on uploaded image attachments
Perform extensive security checks on uploaded image attachments - Check this box to enable this function. Selecting this option will enable very strict security checks on image attachments. Please be aware that these extensive checks can cause valid images to fail too. It is strongly recommended to only use this option together with image re-encoding, in order to have SMF try to resample the images which fail the security checks. If this is successful, they will be sanitized and uploaded. Otherwise, if image re-encoding is not enabled, all attachments failing checks will be rejected.

disable that setting which is from that wiki page.
Title: Re: Your attachment has failed security checks and cannot be uploaded failure
Post by: Arantor on August 26, 2019, 06:19:27 PM
The EXIF data looks suspicious even though it isn’t and just being there sets off the security warning. Turn the security test off and it will work.

Note that it’s not a good security measure as it finds many wrong cases and hasn’t yet as far as I know found a single legitimate issue that wouldn’t have been stopped in other ways.
Title: Re: Your attachment has failed security checks and cannot be uploaded failure
Post by: tarantula901 on August 27, 2019, 12:59:15 AM

Although my settings are currently like this, I get errors


https://i.imgyukle.com/2019/08/27/oIEed0.jpg
Title: Re: Your attachment has failed security checks and cannot be uploaded failure
Post by: shawnb61 on August 27, 2019, 09:27:04 AM
You could try applying this 2.1 fix to 2.0:
https://github.com/SimpleMachines/SMF2.1/pull/3961/files

If I had a serious photography site, I'd drop the "else" entirely and perform no string searches at all when extensive checks are disabled.
Title: Re: Your attachment has failed security checks and cannot be uploaded failure
Post by: tarantula901 on August 27, 2019, 02:57:45 PM
You could try applying this 2.1 fix to 2.0:
https://github.com/SimpleMachines/SMF2.1/pull/3961/files

If I had a serious photography site, I'd drop the "else" entirely and perform no string searches at all when extensive checks are disabled.

He makes pictures for use in another. Is there a security vulnerability for the site?
Title: Re: Your attachment has failed security checks and cannot be uploaded failure
Post by: shawnb61 on August 27, 2019, 03:06:26 PM
I am not aware of any current vulnerabilities.  Those checks were for very old vulnerabilities.  I would only enable them if you have *NO* faith in your host & are running very old versions/configs of apache.
Title: Re: Your attachment has failed security checks and cannot be uploaded failure
Post by: Arantor on August 27, 2019, 03:09:45 PM
Since the serving is done via PHP, I wouldn't even enable them for that.
Title: Re: Your attachment has failed security checks and cannot be uploaded failure
Post by: tarantula901 on August 27, 2019, 03:50:06 PM
I am not aware of any current vulnerabilities.  Those checks were for very old vulnerabilities.  I would only enable them if you have *NO* faith in your host & are running very old versions/configs of apache.

I just wanted to know if there was a security vulnerability due to the changes I made.

Thanks for your help.
Title: Re: Your attachment has failed security checks and cannot be uploaded failure
Post by: Arantor on August 27, 2019, 06:03:53 PM
No there isn't.
Title: Re: Your attachment has failed security checks and cannot be uploaded failure
Post by: tarantula901 on August 28, 2019, 09:49:18 AM
No there isn't.

Thank you