Is there a solution to this problem
well, maybe it's not a problem.... maybe the attachment HAS valid security issues....
What is the attachment?
Quote from: Kindred on August 26, 2019, 02:57:27 PM
well, maybe it's not a problem.... maybe the attachment HAS valid security issues....
What is the attachment?
Actually, the problem is; Images containing exif do not load. How do I overcome this problem?
Turn off the security check, it has always been overzealous.
Quote from: Arantor on August 26, 2019, 03:59:52 PM
Turn off the security check, it has always been overzealous.
Where do we turn off the security check?
https://wiki.simplemachines.org/smf/SMF2.0:Attachments_and_Avatars
Perform extensive security checks on uploaded image attachments
Quote from: Kindred on August 26, 2019, 04:49:43 PM
https://wiki.simplemachines.org/smf/SMF2.0:Attachments_and_Avatars
Perform extensive security checks on uploaded image attachments
This link did not help me. There is nothing restricted by hosting exif image external pictures are being loaded easily. Collective exif images cannot be loaded. This error gives me what I need to do to upload exif images. I use the settings in the link you have already made there I need to make a different setting. what it sets
What settings do I have to do to upload exif images?
Quote from: Kindred on August 26, 2019, 04:49:43 PM
https://wiki.simplemachines.org/smf/SMF2.0:Attachments_and_Avatars
Perform extensive security checks on uploaded image attachments
Perform extensive security checks on uploaded image attachments - Check this box to enable this function. Selecting this option will enable very strict security checks on image attachments. Please be aware that these extensive checks can cause valid images to fail too. It is strongly recommended to only use this option together with image re-encoding, in order to have SMF try to resample the images which fail the security checks. If this is successful, they will be sanitized and uploaded. Otherwise, if image re-encoding is not enabled, all attachments failing checks will be rejected.
disable that setting which is from that wiki page.
The EXIF data looks suspicious even though it isn't and just being there sets off the security warning. Turn the security test off and it will work.
Note that it's not a good security measure as it finds many wrong cases and hasn't yet as far as I know found a single legitimate issue that wouldn't have been stopped in other ways.
Although my settings are currently like this, I get errors
https://i.imgyukle.com/2019/08/27/oIEed0.jpg
You could try applying this 2.1 fix to 2.0:
https://github.com/SimpleMachines/SMF2.1/pull/3961/files
If I had a serious photography site, I'd drop the "else" entirely and perform no string searches at all when extensive checks are disabled.
Quote from: shawnb61 on August 27, 2019, 09:27:04 AM
You could try applying this 2.1 fix to 2.0:
https://github.com/SimpleMachines/SMF2.1/pull/3961/files
If I had a serious photography site, I'd drop the "else" entirely and perform no string searches at all when extensive checks are disabled.
He makes pictures for use in another. Is there a security vulnerability for the site?
I am not aware of any current vulnerabilities. Those checks were for very old vulnerabilities. I would only enable them if you have *NO* faith in your host & are running very old versions/configs of apache.
Since the serving is done via PHP, I wouldn't even enable them for that.
Quote from: shawnb61 on August 27, 2019, 03:06:26 PM
I am not aware of any current vulnerabilities. Those checks were for very old vulnerabilities. I would only enable them if you have *NO* faith in your host & are running very old versions/configs of apache.
I just wanted to know if there was a security vulnerability due to the changes I made.
Thanks for your help.
No there isn't.