Image Security

ruffrecords · Dec 9, 2017

Several times in the recent past when I have tried to upload a .png file I get an error saying my upload has failed security checks, please contact administrator. I open the image in Gimp, export it as a jpeg and upload it again. No problem this time. So, Mr. Administrator, why is this happening?

Cheers

Ian

Ricardus · Apr 13, 2019

I'm getting the same error. I use the GIMP also. What the heck is going on?

Ricardus · Apr 13, 2019

Using the GIMP might be the issue here. Can't think of any good reason IT SHOULD BE, but I went to an online image resizing site and resized my images, and the forum let me upload them error free.

ruffrecords · Apr 14, 2019

I don't know. This error still pops up occasionally but there seems to be no correlation with image type or the tools used.

Cheers

Ian

Ricardus · Apr 14, 2019

ruffrecords said:
I don't know. This error still pops up occasionally but there seems to be no correlation with image type or the tools used.

Cheers

Ian

My test was only on 2 JPGs, but both resized with the GIMP were rejected, and the ones resized online we OK.

Rich...

JohnRoberts · Apr 14, 2019

I am just guessing like you all, but maybe GIMP (whatever that is) adds some unwanted extra foo into the image files that the security software does not like to see.

Like the old country doctor says, if it doesn't work when you do that, don't do that...

JR

Ricardus · Apr 14, 2019

GIMP.

Gnu Image Manipulation Program.

It's like an open source (and free) version of Photoshop, available for most platforms. I've been using it for about as long as it has existed, and the only place I have ever seen have issues with the images, is this forum. So I'm thinking it's not actually the GIMP. It works everywhere else.

Matador · Apr 15, 2019

SMF forums are littered with people complaining about this.

The SMF check looks for certain keywords in the binary image data: notably:

Code:

// Though not exhaustive lists, better safe than sorry.
 270          if (!empty($extensiveCheck))
 271          {
 272              // Paranoid check. Some like it that way.
 273              if (preg_match('~(iframe|\\<\\?|\\<%|html|eval|body|script\W|[CF]WS[\x01-\x0C])~i', $prev_chunk . $cur_chunk) === 1)
 274              {
 275                  fclose($fp);
 276                  return false;
 277              }
 278          }
 279          else
 280          {
 281              // Check for potential infection
 282              if (preg_match('~(iframe|html|eval|body|script\W|[CF]WS[\x01-\x0C])~i', $prev_chunk . $cur_chunk) === 1)
 283              {
 284                  fclose($fp);
 285                  return false;
 286              }
 287          }
 288          $prev_chunk = $cur_chunk;

For example, if GIMP inserts an HTML link it will fail this test.

Without a specific example, it would be impossible to tell which part of this is failing.

Image Security

Help Support GroupDIY Audio Forum:

ruffrecords

Well-known member

Ricardus

WILL SOLDER FOR FOOD

Ricardus

WILL SOLDER FOR FOOD

ruffrecords

Well-known member

Ricardus

WILL SOLDER FOR FOOD

JohnRoberts

Well-known member

Ricardus

WILL SOLDER FOR FOOD

Matador

Well-known member

Similar threads

Latest posts

Image Security

Help Support GroupDIY Audio Forum:

Well-known member

WILL SOLDER FOR FOOD

WILL SOLDER FOR FOOD

Well-known member

WILL SOLDER FOR FOOD

Well-known member

WILL SOLDER FOR FOOD

Well-known member

Similar threads

Join the conversation!

Join today and get all the highlights of this community direct to your inbox. It's FREE!