Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.

pictures rejected because of possible "evil payload"


Print Track
I just got 2 pictures rejected that I tried to upload to my site.
Both pictures are portraits, and a part of a larger set.
Where can I manage the settings to avoid this in the future?

4 replies

There are no setting to toggle this. Images that are uploaded need to be unprocessed by 3d party programs that may add a header tags in the image code. There are many topics about this thru out our forums here.
It is standard .jpg pictures converted from raw in Adobe Lightroom.
This is the first time I experience this in PHP Fusion, and I start to consider if PHP Fusion is the right CMS for me.
I have used PHP-Fusion since version 6 and love the concept.
Safe image handling toggle off can be added in the next version. But this feature is a necessary one because of inline codes in images. To remove the embedded code in the image, you can use image processor software like Adobe Photoshop and save as .jpg again.
The problem with your image is that it does not pass the safety check due to possible payload embedded. ( Trojan if you will ) as mentioned.
When you open failed images that fail the check, you will find similar lines as the following,
<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?>


PHP-Fusion do not allow any payloads of any kind to be embedded in image uploads. There are really no way around this one since anyone can attach any script in an Avatar or forum attachment etc.

If our MIME check fail for some reason it can be disabled via the 9 Settings. But this image verify safety check is standard, payloads have nothing to do in images.
You need to make sure that images are clean.
Many sites have been hacked using this method, that is why it is required and it has been so since at least late PHP-Fusion 6.
A reason that some images start to fail for you now might be that you use new or upgraded programs that add codes to your images that you are not yet aware of.

To be extra specific, In order for our safety checks to be efficient to a wide range of possible attacks we need to search and reject all types of <? and eval(), since your image contain php code it is rejected by Core , default.

See if you can turn off any ID or xml identification injections to images you post process before uploading to your system.
author iceman50
forumContent Administration - 9
replies5 posts
viewed316 times
activeLast updated on 4 months ago

Related

Lost add news/pictures/etc link - Google Ads
Started by
D
Dyegov - 8 posts
How to create pannel with date pictures?
Started by
B
burnlv - 2 posts
Pictures/phots on site stoped showing
Started by
M
mojkan - 4 posts
Uploading multiple pictures to news
Started by
D
Darra - 3 posts
Alpha Gray theme does't show pictures with news
Started by marztar marztar - 3 posts
Pictures in Sitelinks - Works in Admin, but not on site
Started by Homdax Homdax - 10 posts

Hot Questions

Rudios
Custom Pages
Rudios - 9 posts
B
Adblock detect
bonnis - 12 posts
daimonbok1
Youtube Videos?
daimonbok1 - 10 posts
Kvido
Bbcode in news
Kvido - 14 posts
daimonbok1
C
You can view all discussion threads in this forum.
You can start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You can download attachments in this forum.
Users who participated in discussion: Falk, Chan, iceman50