It won't let me upload jpegs to the avatars, but lets me use PNGs

Started by wynnyelle, April 23, 2013, 09:08:12 PM

Previous topic - Next topic

Arantor

No, but it tells you it was fixed in the Github repository, and on what date, just go back through the repo and find the commits on that day and glance through them.

butch2k

In Subs Graphics the check has been changed to remove cellTextIsHtml from matching.

// Check for potential infection
if (preg_match('~(iframe|(?<!cellTextIs)html|eval|body|script\W|[CF]WS[\x01-\x0C])~i', $prev_chunk . $cur_chunk) === 1)


lurkalot

Quote from: Arantor on April 25, 2013, 03:26:12 PM
I'm not sure how you'd do that in PS, never having actually *used* it.

In PS, use the "Save for web" option, this will strip the EXIF data from your jpg's, if that's what you mean by "Extra rubbish"

Arantor

That's not what I meant by extra rubbish. I consider EXIF information useful. I consider Adobe's proprietary extensions to the JFIF/JPEG format to be largely rubbish, however.

butch2k

Quote from: Arantor on April 25, 2013, 05:09:26 PM
That's not what I meant by extra rubbish. I consider EXIF information useful. I consider Adobe's proprietary extensions to the JFIF/JPEG format to be largely rubbish, however.
Indeed... It's bloating images for no reason...

Trying "saving images for the web" rather than "save as" might do the trick though.

lurkalot

Quote from: Arantor on April 25, 2013, 05:09:26 PM

That's not what I meant by extra rubbish. I consider EXIF information useful.


True, it is very useful when talking photos, but a pointless waste of space for a Avatar. ;)

Kill Em All

Groovystar, in your Sources/sub-package.php. Find:

if ($file_info['compressed_size'] != $file_info['size'])


replace it with:

if (!empty($file_info['compress_method']) || ($file_info['compressed_size'] != $file_info['size']))


My Site: KEAGaming.com

Manual Installation of Mods
Prevent Spam and Forum Attacks
Please do not PM or email me for support unless offered, help should be publicly displayed to others.

Arantor

Um... how is that related? That's to do with unpacking gzipped data...

Kill Em All



My Site: KEAGaming.com

Manual Installation of Mods
Prevent Spam and Forum Attacks
Please do not PM or email me for support unless offered, help should be publicly displayed to others.

lurkalot

Quote from: Groovystar on April 24, 2013, 11:38:12 AM
No, I don't want to disable it. Our site has a lot to protect.

But why would it be barring ALL jpegs? Most are clean. This makes no sense. What I need to do is for it to only bar the Jpegs that are actually containing malware.

I'm guessing you got around this problem then? http://warriorcatsrpg.com/index.php?topic=490301.0

Arantor

Quote from: Kill Em All on April 25, 2013, 05:34:57 PM
Part of the commit that:
https://github.com/SimpleMachines/SMF2.1/commit/43a398c88539fe5734886f6dd4da528c76668f54

Yup, it's the last item on the changelog: fixes bypassing deflate step during unzip. Unrelated to the second item on the changelog regarding cellTexIsHtml.

wynnyelle

Core, I think I didn't know that it hadn't been enabled until recently.
So uh...is there a way this can be fixed or do we just live with it? :P

LiroyvH

I'd say disable it and ensure the recode suspicious thingies thingy is on. :)
Seems to have worked fine for a long time that way. :)

Otherwise; probably indeed a "deal with it" for now.
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

wynnyelle


Kill Em All

Yes, it is suppose to be corrected in 2.1. When that will be released... eh.


My Site: KEAGaming.com

Manual Installation of Mods
Prevent Spam and Forum Attacks
Please do not PM or email me for support unless offered, help should be publicly displayed to others.

Advertisement: