
Author Topic: Your attachment has failed security checks and cannot be uploaded failure  (Read 962 times)

Offline tarantula901

  • Jr. Member
  • **
  • Posts: 334

Is there a solution to this problem

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,625
  • Gender: Male
    • Kindred-999 on GitHub
Well, maybe it's not a problem.... maybe the attachment HAS valid security issues....

What is the attachment?
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline tarantula901

  • Jr. Member
  • **
  • Posts: 334
> Well, maybe it's not a problem.... maybe the attachment HAS valid security issues....
>
> What is the attachment?

Actually, the problem is: images containing EXIF do not load. How do I overcome this problem?

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,982
    • StoryBB/StoryBB on GitHub
Turn off the security check, it has always been overzealous.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline tarantula901

  • Jr. Member
  • **
  • Posts: 334
> Turn off the security check, it has always been overzealous.


Where do we turn off the security check?

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,625
  • Gender: Male
    • Kindred-999 on GitHub
https://wiki.simplemachines.org/smf/SMF2.0:Attachments_and_Avatars
Perform extensive security checks on uploaded image attachments

Offline tarantula901

  • Jr. Member
  • **
  • Posts: 334
> https://wiki.simplemachines.org/smf/SMF2.0:Attachments_and_Avatars
> Perform extensive security checks on uploaded image attachments

This link did not help me. There is nothing restricted by hosting exif image external pictures are being loaded easily. Collective exif images cannot be loaded. This error gives me what I need to do to upload exif images. I use the settings in the link you have already made there I need to make a different setting. what it sets

What settings do I have to do to upload exif images?

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 51,617
> https://wiki.simplemachines.org/smf/SMF2.0:Attachments_and_Avatars
> Perform extensive security checks on uploaded image attachments
Perform extensive security checks on uploaded image attachments - Check this box to enable this function. Selecting this option will enable very strict security checks on image attachments. Please be aware that these extensive checks can cause valid images to fail too. It is strongly recommended to only use this option together with image re-encoding, in order to have SMF try to resample the images which fail the security checks. If this is successful, they will be sanitized and uploaded. Otherwise, if image re-encoding is not enabled, all attachments failing checks will be rejected.

Disable that setting, which is from that wiki page.
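Why a byte-level string search trips on image metadata, and why a sanitized copy passes it, as an added example (not SMF's code and not part of any post in this thread). The pattern and the sample bytes are assumptions constructed for illustration, and the sanitizer drops metadata segments instead of resampling the image as the wiki text describes.

```python
import re

# Assumed, illustrative pattern: NOT SMF's actual expression. It mimics a
# content check that searches the raw image bytes for script-like markers.
SUSPICIOUS = re.compile(rb"<\?|<%|<script|<iframe|eval\(", re.I)

def segment(marker: int, payload: bytes) -> bytes:
    """Build one JPEG segment: FF xx, 2-byte big-endian length, payload."""
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

def fails_check(data: bytes) -> bool:
    """True when the raw bytes contain anything the pattern treats as code."""
    return SUSPICIOUS.search(data) is not None

def strip_metadata(jpeg: bytes) -> bytes:
    """Drop APP1..APP15 and COM segments; keep all other bytes unchanged."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    out, pos = bytearray(jpeg[:2]), 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("malformed segment header")
        marker = jpeg[pos + 1]
        length = int.from_bytes(jpeg[pos + 2:pos + 4], "big")
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("segment length out of bounds")
        if marker == 0xDA:  # SOS: compressed image data runs to the end
            return bytes(out) + jpeg[pos:]
        if not (0xE1 <= marker <= 0xEF or marker == 0xFE):
            out += jpeg[pos:pos + 2 + length]
        pos += 2 + length
    raise ValueError("no SOS segment found")

# Constructed sample: a valid segment layout, not a decodable photograph.
# XMP packets, stored in APP1 next to EXIF, legitimately begin with "<?xpacket".
XMP = (b"http://ns.adobe.com/xap/1.0/\x00"
       b"<?xpacket begin='' id='W5M0MpCehiHzreSzNTczkc9d'?><?xpacket end='w'?>")
SAMPLE = (
    b"\xff\xd8"
    + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + segment(0xE1, XMP)          # harmless metadata that looks like "<?"
    + segment(0xDB, bytes(65))    # placeholder quantization table
    + segment(0xDA, bytes(10))    # placeholder scan header
    + b"\x12\x34\xff\xd9"         # placeholder scan data + EOI
)
CLEAN = strip_metadata(SAMPLE)
```

The original bytes fail the search only because of the XMP packet header; the stripped copy keeps the JFIF header and image data and passes the same search.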

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,982
    • StoryBB/StoryBB on GitHub
The EXIF data looks suspicious even though it isn’t and just being there sets off the security warning. Turn the security test off and it will work.

Note that it’s not a good security measure as it finds many wrong cases and hasn’t yet as far as I know found a single legitimate issue that wouldn’t have been stopped in other ways.

Offline tarantula901

  • Jr. Member
  • **
  • Posts: 334

Although my settings are currently like this, I get errors.


https://i.imgyukle.com/2019/08/27/oIEed0.jpg

Offline shawnb61

  • Developer
  • SMF Hero
  • *
  • Posts: 1,591
    • sbulen on GitHub
You could try applying this 2.1 fix to 2.0:
https://github.com/SimpleMachines/SMF2.1/pull/3961/files

If I had a serious photography site, I'd drop the "else" entirely and perform no string searches at all when extensive checks are disabled.
Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp

Offline tarantula901

  • Jr. Member
  • **
  • Posts: 334
> You could try applying this 2.1 fix to 2.0:
> https://github.com/SimpleMachines/SMF2.1/pull/3961/files
>
> If I had a serious photography site, I'd drop the "else" entirely and perform no string searches at all when extensive checks are disabled.

He makes pictures for use in another. Is there a security vulnerability for the site?

Offline shawnb61

  • Developer
  • SMF Hero
  • *
  • Posts: 1,591
    • sbulen on GitHub
I am not aware of any current vulnerabilities.  Those checks were for very old vulnerabilities.  I would only enable them if you have *NO* faith in your host & are running very old versions/configs of Apache.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,982
    • StoryBB/StoryBB on GitHub
Since the serving is done via PHP, I wouldn't even enable them for that.

Offline tarantula901

  • Jr. Member
  • **
  • Posts: 334
> I am not aware of any current vulnerabilities.  Those checks were for very old vulnerabilities.  I would only enable them if you have *NO* faith in your host & are running very old versions/configs of Apache.

I just wanted to know if there was a security vulnerability due to the changes I made.

Thanks for your help.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,982
    • StoryBB/StoryBB on GitHub
No, there isn't.