"Supported file types are JPG, PNG and GIF" when uploading jpg, png or gif #28

Closed
opened 6 years ago by tslocum · 23 comments
tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: porteros13

I've seen there's a similar Issue but with WebM, but I don't know if the solution is different in this case...

When I try to upload an image (I tried with many different images in jpg, png or gif) I get this error "Supported file types are JPG, PNG and GIF"...

Any ideas?

tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: Wqer555

Do you have webm uploading enabled in the settings? Here's two bits of code you can use to debug.

https://github.com/tslocum/TinyIB/blob/master/settings.default.php#L35
https://github.com/tslocum/TinyIB/blob/b2c0b699474f0c719845b604a313ae7b34e13bd6/inc/html.php#L49

Under the post form there should be a list of allowed file types. Is webm one of them?
tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: porteros13

Hi again and thanks for the reply!

I'm not an expert in php as you can see hehe. But yeah, I've checked the settings.php lots of times and everything is written like the code you sent me. I've been making sure the WebM option is not enabled (in fact I don't want to upload WebM). Just jpg, png and gif.

I've been investigating, but at the moment I haven't found a solution :(
tslocum commented 6 years ago (Migrated from gitlab.com)

After this line: https://github.com/tslocum/TinyIB/blob/b2c0b699474f0c719845b604a313ae7b34e13bd6/imgboard.php#L162

Add: `echo shell_exec('file --mime-type ' . $_FILES['file']['tmp_name']);die();` and try uploading an image. Please paste the output here.
tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: porteros13

Sorry for the late reply.
Here is what I get when I added the line you told me to imgboard.php and then uploaded an image:

Warning: shell_exec() has been disabled for security reasons in /usr/home/dlastframe.com/web/boards/imgboard.php on line 163

What does it mean?

Thanks

tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: Wqer555

Your installation of PHP is disabling the shell_exec function. Under some circumstances, it can lead to a remote code execution vulnerability, especially if unfiltered user input is passed into it.

Try this: `echo mime_content_type($_FILES['file']['tmp_name']); die();`
tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: porteros13

Hi Wqer555, this is what I get:

image/jpeg
tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: Wqer555

That looks correct.

Try replacing `$file_mime = $file_info['mime'];` with `$file_mime = mime_content_type($file_location);`
tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: porteros13

It says again "Supported file types are JPG, PNG and GIF". Is it normal?

tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: Wqer555

That's odd.
Right above

```
if (empty($file_mime) || !isset($tinyib_uploads[$file_mime])) {
  fancyDie(supportedFileTypes());
}
```

Do

```
var_dump($file_mime);
var_dump($tinyib_uploads[$file_mime]);
die;
```

Alternatively you can try replacing `!isset($tinyib_uploads[$file_mime])` with `!in_array($file_mime, $tinyib_uploads)`
tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: porteros13

With the first option:
string(0) "" Notice: Undefined index: in /usr/home/dlastframe.com/web/boards/imgboard.php on line 175 NULL

And the second one:
"Supported file types are JPG, PNG and GIF"

tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: porteros13

I've been investigating and maybe the problem "shell_exec() has been disabled for security reasons" could be with Safe Mode, which is surely on.
I'm contacting the hosting provider, let's see what they say, because I can't find any safe mode setting...

I'll write back when I get a response. Thanks a lot guys for your fast replies.
tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: Wqer555

`$file_mime` may be getting changed. Try putting `$file_mime = mime_content_type($file_location);` right above the if statement.
tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: porteros13

Again:

"Supported file types are JPG, PNG and GIF"

tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: Wqer555

The problem is that the expression `empty($file_mime) || !isset($tinyib_uploads[$file_mime])` is returning true. Break it down and trace each part as far back as necessary. Use `var_dump` and `die`.
tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: porteros13

I wrote this, I don't know if it is what you said:

```
if (empty($file_mime)) {
	fancyDie(supportedFileTypes());
	var_dump($file_mime);
	var_dump($tinyib_uploads[$file_mime]);
	die;
}

if (!isset($tinyib_uploads[$file_mime])) {
	fancyDie(supportedFileTypes());
	var_dump($file_mime);
	var_dump($tinyib_uploads[$file_mime]);
	die;
}
```

And I get "Supported file types are JPG, PNG and GIF"
tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: Wqer555

`fancyDie` will print the error message and terminate the script, so you will never run the code following. Try this:

```
if (empty($file_mime)) {
    echo '$file_mime is empty<br>';
    var_dump($file_mime);
}

if (!isset($tinyib_uploads[$file_mime])) {
    echo '$tinyib_uploads[$file_mime] is not set<br>';
    var_dump($tinyib_uploads[$file_mime]);
}
die;
```
tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: porteros13

Here is what I got:

$file_mime is empty
string(0) "" $tinyib_uploads[$file_mime] is not set
Notice: Undefined index: in /usr/home/dlastframe.com/web/boards/imgboard.php on line 181 NULL

tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: Wqer555

If `$file_mime` is empty then we have to fill it. Search for it and look at the code that modifies it. Otherwise, use `$file_mime = mime_content_type($file_location);` again.
tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: SLNETAIGA

To fix it:

  1. Go to `imgboard.php`
  2. Replace all `$file_mime = $file_info['mime'];` with `$file_mime = mime_content_type($file_location);`, maybe on a few lines.
  3. On line 162 replace `$file_mime_split = explode(' ', trim(@shell_exec('file --mime-type ' . $_FILES['file']['tmp_name'])));` with `$file_mime_split = explode(' ', trim(mime_content_type($_FILES['file']['tmp_name'])));`
  4. PROFIT!
tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: Wqer555

Why is shell_exec used when PHP supports this natively?

tslocum commented 6 years ago (Migrated from gitlab.com)

Created by: porteros13

Hi! A lot of time without posting, I'm sorry.
I've done what SLNETAIGA said, and when I try to upload an image I get a blank page as a result.

Wqer555, I didn't understand the comment you made 15 days ago D: I'm sorry, I'm not an expert with php, last time I got some help from a cousin who came to my home hehe
indrakaw commented 6 years ago (Migrated from gitlab.com)

Bump.

I got the same problem. It happened a month ago when the host decided to disable `exec()` and `shell_exec()`.

> Warning: shell_exec() has been disabled for security reasons in /home/username/path/to/exec-test.php on line 2

New solution? Maybe switch or fall back to native PHP when `shell_exec` is disabled.

cc @tslocum

**Addendum:**
They are jerks.

```
Warning: file_get_contents(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0 in /home/username/path/to/ib/imgboard.php on line 111

Warning: file_get_contents(https://i.ytimg.com/vi/20vu6NddR34/hqdefault.jpg): failed to open stream: no suitable wrapper could be found in /home/username/path/to/ib/imgboard.php on line 111

Notice: getimagesize(): Read error! in /home/username/path/to/ib/imgboard.php on line 113
```

Time to stick to PHP `lib-curl`.
tslocum commented 5 years ago (Migrated from gitlab.com)

Thanks @indrakaw, I've merged your commits and tweaked the function to fall back to file_get_contents if cURL isn't installed.
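
The native fallback requested in this thread, written out as an added example; it is not TinyIB's code and not any participant's. It detects the MIME type in-process first, shells out to `file` only when `shell_exec()` is actually callable, and rejects an empty result before the allowlist lookup. The helper names, the `$allowed` array and the sample file are assumptions made for illustration.

```php
<?php
// Added example (not TinyIB code). Helper names and the allowlist are hypothetical.

// True only when shell_exec() exists and is not listed in disable_functions.
// PHP 8 removes disabled functions entirely; PHP 7 keeps them and warns when called.
function shell_exec_usable() {
    if (!function_exists('shell_exec')) {
        return false;
    }
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    return !in_array('shell_exec', $disabled, true);
}

// Returns the MIME type sniffed from the file's content, or '' if every method fails.
function detect_upload_mime($path) {
    if (!is_file($path)) {
        return '';
    }
    if (class_exists('finfo')) {                 // fileinfo extension, no shell involved
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
        if (is_string($mime) && $mime !== '') {
            return $mime;
        }
    }
    if (function_exists('mime_content_type')) {  // the call suggested in the thread
        $mime = @mime_content_type($path);
        if (is_string($mime) && $mime !== '') {
            return $mime;
        }
    }
    if (shell_exec_usable()) {                   // last resort: file(1)
        // escapeshellarg() keeps the path a single argument whatever it contains.
        return trim((string) shell_exec('file -b --mime-type ' . escapeshellarg($path)));
    }
    return '';
}

// Constructed sample input: a GIF89a header plus logical screen descriptor.
$sample = tempnam(sys_get_temp_dir(), 'mime');
file_put_contents($sample, "GIF89a\x01\x00\x01\x00\x00\x00\x00");

// Allowlist keyed by MIME type, the way the thread indexes $tinyib_uploads.
$allowed = array('image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif');
$mime = detect_upload_mime($sample);
// Test the key, and treat '' as a rejection instead of indexing the array with it.
$accepted = ($mime !== '' && isset($allowed[$mime]));
echo $mime, ' => ', $accepted ? 'accepted' : 'rejected', PHP_EOL;
unlink($sample);
```

The type is taken from the file's content, not from the client-supplied `$_FILES['file']['type']`, so a renamed file is judged by what it actually contains.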

Reference: tslocum/tinyib#28