Classic Rotary Phones Forum

Telephone Talk => Forum News => How To Post Photos on CRPF => Topic started by: DavePEI on February 20, 2013, 05:46:25 AM

Title: Posting Photos on CRPF
Post by: DavePEI on February 20, 2013, 05:46:25 AM
Quote from: poplar1 on February 12, 2013, 03:36:22 PM
When you hit reply tab, then click on additional options, browse the pictures that are saved on your hard drive, click on the photo you want to send.
Just an example to help show new users how to add a photo.... Because of the number of new users asking how to do this, I wonder if  seeing if a screen capture of the process might help.

First save a copy of the photo you wish to share to your computer. Make sure you have it cleaned, oriented, and cropped as you would like people to be able to see it. Images should be a maximum of 2500 x<2500 pixels and less than 3 MBytes in file size, but they can be smaller, of course. Anything smaller than 750 x <750 pixels may not show good detail.

Compose your message, click on "Attachments and other options"

Select the photo from your computer using the browse box, and it will upload to the forum and show below your message after you click on save... If you want to include more than one, click on more attachments, and you will be given a fresh attachment line below the first to include another. You can post up to 6 photos per message...  Finally, click on Post/Save to start the transfer. It will take a while for the photo to upload, then you will return to the page, and you should see your photo.

Not rocket science, but since you don't get the option to add unless you click on additional options, it isn't apparent to someone who hasn't done it before.

You can do this with .GIF, .JPG, other common image files, and can attach common word processor and PDF files as well - in the case of non image files there will be no preview; only a link to download the file will appear below the message.

Hint: When you view such a message, you will see the message first, then the photo (or at least a thumbnail of it) below. If the uploaded image is larger than what shows, you can click on it with your mouse to view a new window with the full sized image. e.g. Click on image below to see what happens.... If your uploaded image is the same size, or is smaller than the visible image, you will not be able to magnify it in this way.

If you have trouble getting your image to post, check to make sure:

a) That is is a supported image type (.gif, .jpg and .png are the best, formats such as .tif may not correctly display due to the many different flavours and compression in the .tif format.) No one software supports all types.

b) That the image is within the size constraints mentioned above.

c) If your image will not upload, there is a possibility that your computer's security settings are set up too tightly (i.e. Firewall), and your firewall is blocking the file transfer to the server. I have been able to duplicate this here by setting my firewall settings way to high.

Hope this helps!

Dave

-------------------

Edit: - the second screen shot below is using what you see with the current, upgraded SMF forum software
Title: Re: Posting Photos on CRPF
Post by: DavePEI on March 13, 2013, 04:58:08 PM
Quote from: southernphoneman on March 13, 2013, 04:50:26 PM
i have tried numerous time to post photos, i guess its not meant to be.i am logging off and going to watch tv ! bye
What happens when you try to post. Post one here, then leave the message (photo ot not) so I can see what the result was. My guess is that your computer is blocking the transfer. Look up in the toolbar at the top of you browser when you try to upload a photo, and see if a line pops up there asking if it is ok to transfer. Regardless, I would like to see the end post after you try to attach a photo so I can see what it says, i.e. whether the system acknowledges whether there has been a transfer.

Also, have you tried doing it from another computer? Just trying to narrow down the cause of your problem.

Dave
Title: Re: Posting Photos on CRPF
Post by: DavePEI on March 13, 2013, 05:16:03 PM
Quote from: southernphoneman on March 13, 2013, 05:14:08 PM
i tried and it would not go through, i guess the computer isn t allowing it to go, when i hit additional options and choose the photo it just stalls for lack of a better term.
After you have the photo selected, the photo won't post until you tell the software to post...
Are you then clicking on Save at the bottom?

Dave
Title: Re: Posting Photos on CRPF
Post by: DavePEI on March 13, 2013, 05:20:29 PM
Quote from: southernphoneman on March 13, 2013, 05:19:41 PM
lets make sure i am doing this right
Perfect! Congratulations, you did it!

Dave
Title: Re: Posting Photos on CRPF
Post by: DavePEI on March 13, 2013, 05:24:32 PM
Quote from: southernphoneman on March 13, 2013, 05:22:42 PM
davepei, i appreciate your help, i did give enough time for it to go through but it now works. i really want to thank you on this one. by the way, this is a phone that i bought as a clunker and refurbished and resold on ebay. thankyou once again.
Nice. Glad you have your posting working now. Always glad to help!

One of the great things about the Forum is the ability to post photos with your messages. Aside from the people here, it is one thing that sets it apart from the listserves (though I highly recommend them as well)!

Dave
Title: Re: Posting Photos on CRPF
Post by: Greg G. on March 14, 2013, 01:00:18 PM
Quote from: southernphoneman on March 13, 2013, 05:22:42 PM
davepei, i appreciate your help, i did give enough time for it to go through but it now works. i really want to thank you on this one. by the way, this is a phone that i bought as a clunker and refurbished and resold on ebay. thankyou once again.

I think one of the problems is your picture is huge, so it takes a while to upload, also to view when you click on the image. Unless there's a particular reason to view some small details in the picture, you may want to re-size them down to a smaller size. For example, the one in your post is 4320X3240. I re-sized it to 1/4 the original size.  They look the same in each post because the forum software will reduce it to a viewable size, but the original size is still in the background.  When you click on the picture you'll see what I mean.

I use LView Pro for my graphics needs, which consists mostly of resizing and cropping pictures.
Title: Re: Posting Photos on CRPF
Post by: tallguy58 on December 27, 2013, 11:03:35 PM
WTH?? I tried to post a photo on the new forum and it said my attachment doesn't pass security check.

Huh?? >:(
Title: Re: Posting Photos on CRPF
Post by: Dennis Markham on December 27, 2013, 11:05:39 PM
Some people have had trouble posting a couple of images, getting that response.  I've tried one that a member had e-mailed to me and got the same response.  Right now, we don't know why. 
Title: Re: Posting Photos on CRPF
Post by: tallguy58 on December 27, 2013, 11:08:01 PM
OK , thanks
Title: Re: Posting Photos on CRPF
Post by: TelePlay on December 27, 2013, 11:27:06 PM
Quote from: tallguy58 on December 27, 2013, 11:03:35 PM
I tried to post a photo on the new forum and it said my attachment doesn't pass security check.

I've had that happen. Try resizing the picture, saving it under a new file name and reloading it. That works most of the time.
Title: Re: Posting Photos on CRPF
Post by: 19and41 on December 28, 2014, 01:48:57 PM
How do you put the attachment onto the post?  all I get is..  [img] [img]  I have uploaded images to the browse box and then can't post them.
Title: Re: Posting Photos on CRPF
Post by: andre_janew on March 14, 2015, 07:32:29 PM
I recently tried to post photos of a Leich telephone I purchased on eBay.  I kept getting a message that the attachments didn't pass security clearance.  Really?  Seriously?  I'm not joking about this!
Title: Re: Posting Photos on CRPF
Post by: WesternElectricBen on March 14, 2015, 07:36:33 PM
Quote from: andre_janew on March 14, 2015, 07:32:29 PM
I recently tried to post photos of a Leich telephone I purchased on eBay.  I kept getting a message that the attachments didn't pass security clearance.  Really?  Seriously?  I'm not joking about this!

I recently got the same thing..

Ben
Title: Re: Posting Photos on CRPF
Post by: DavePEI on March 14, 2015, 07:38:44 PM
Quote from: andre_janew on March 14, 2015, 07:32:29 PM
I recently tried to post photos of a Leich telephone I purchased on eBay.  I kept getting a message that the attachments didn't pass security clearance.  Really?  Seriously?  I'm not joking about this!
Usually that message is the result of sending an attachment for a photo not in the accepted formats for the board. Your best bet is to send it as a  JPEG file, GIF file, or other common formats. PCX and TIFF will not upload.

It also may have been too large a file - try reducing it in size.

Dave
Title: Re: Posting Photos on CRPF
Post by: unbeldi on March 14, 2015, 07:46:50 PM
The security issues are caused by certain EXIF information stored in images by certain software and cameras. Some of this information is for some reason considered a security issue, albeit it isn't.

From reading some discussions online it appears that these "security settings" in SMF are counter-intuitive, and there were some bugs discussed and apparently fixes applied.

There may have been some changes made since a couple of days ago.  Has this only been a problem since Thursday or so?  Dennis and I had some interaction about this, and his software guy is supposed to address this.



Title: Re: Posting Photos on CRPF
Post by: andre_janew on March 14, 2015, 07:53:40 PM
I tried to post these photos earlier today.  BTW, I probably should tell Dennis about this since one of the things the message mentioned was contacting the administrator.
Title: Re: Posting Photos on CRPF
Post by: TelePlay on March 14, 2015, 08:18:30 PM
Quote from: andre_janew on March 14, 2015, 07:32:29 PM
I recently tried to post photos of a Leich telephone I purchased on eBay.  I kept getting a message that the attachments didn't pass security clearance.  Really?  Seriously?  I'm not joking about this!

I had the same thing happen to me a day or two ago. I was trying to put up this reply

http://www.classicrotaryphones.com/forum/index.php?topic=13923.msg145621#msg145621 and attach a photo of the moss green 465.

When I posted it, I got the same reply. I took the image off and the text posted. I tried to add the photo and got the security reply again. I took the photo off and the save worked, but still no photo. I went back into the eBay listing and savied(copied) the photo once again. Opened the saved file in the same software I used to crop the photo the first time around, cropped it down and saved it over the existing file. I then added the attachment to my existing post and is loaded just fine.

All I can say of that is when I saved it the first time, something happened to the file which made it look like a security threat to the SMF software. Now I wish I would have saved it in a second file and kept the offending photo file for comparison. Saved them both as jpeg's, same size using the same software.
Title: Re: Posting Photos on CRPF
Post by: cchaven on May 10, 2015, 04:26:40 PM
I still get the security error message no matter what resolution or file size I make the images.  Yet, a moderator was able to move an image I had put up on flickr then posted the link so that the image was included with the message?  The same image that had refused to upload due to security reasons?  Has anyone figured out just what is happening here?

Thanks
Jeff
Title: Re: Posting Photos on CRPF
Post by: dsk on May 10, 2015, 05:11:34 PM
Same here.
dsk
Title: Re: Posting Photos on CRPF
Post by: TelePlay on May 10, 2015, 05:59:50 PM
Quote from: cchaven on May 10, 2015, 04:26:40 PM
Has anyone figured out just what is happening here?

Nope.

The Problem went away for a month or so and now it's back but less so in that it happens less, but it still happens. I could not link the issue to what was being uploaded other than something being uploaded. Even had the situation happen where I got the error and within a few seconds of getting the error, tried to upload the exact same image and it went through. I have been able to upload rejected images a few days later, same file but different day. On getting the error, I've made the image larger and they uploaded right away. I've made images smaller and they have uploaded right away. I've had images in which I've changed their size both ways rejected. But I have never had an auction contest spreadsheet rejected and those are Excel files printed as a pdf and then converted to a jpg using Adobe Photoshop Elements.

So, in five words, I don't have a clue, other than thinking it's a server/bandwidth issue over which we have no control.
Title: Re: Posting Photos on CRPF
Post by: andre_janew on May 11, 2015, 08:19:43 PM
I have found out that sometimes I can post photos without resizing them, sometimes I can't.  Smaller photos have a better chance of getting through than larger ones.  I don't understand the new system and I don't think anyone else does either.  All I know is that small photos have a better shot at getting posted.
Title: Re: Posting Photos on CRPF
Post by: unbeldi on May 11, 2015, 08:26:52 PM
Quote from: andre_janew on May 11, 2015, 08:19:43 PM
I have found out that sometimes I can post photos without resizing them, sometimes I can't.  Smaller photos have a better chance of getting through than larger ones.  I don't understand the new system and I don't think anyone else does either.  All I know is that small photos have a better shot at getting posted.

Well, the web system software is actually well understood.  I posted what the checks do exactly and proposed a permanent fix.
What is less understood is what kind of meta information is written by various software in cell phones, cameras, and computer applications, and at which times the information is not written or updated.  If my fix were applied, none of this would actually matter.

At least, I believe, we have already fixed one issue.  Since my fix for a memory increase in the image resizing operation was applied, I have not once had the white-screen-of-death problem, that was very common previously, when uploading certain images.  The image upload operations are much faster, when the 'security' issues are not encountered.
Title: Re: Posting Photos on CRPF
Post by: DavePEI on May 12, 2015, 06:20:08 AM
Quote from: unbeldi on May 11, 2015, 08:26:52 PM

Well, the web system software is actually well understood.  I posted what the checks do exactly and proposed a permanent fix.
What is less understood is what kind of meta information is written by various software in cell phones, cameras, and computer applications, and at which times the information is not written or updated.  If my fix were applied, none of this would actually matter.
Now, it isn't the Meta information that is the issue. We have proven that over and over. When you can take images off a camera, resize it down to 1000x640 as I have done many times in Photoshop (which strips out the Meta tags) and use multiple cameras or scanners as a source, and have it fail upload, then the tag of the camera or source isn't the fault.

Blaming Meta tags from the software for failure to upload? Well, Ok, when you can take the image then using the same software and change it to a larger or smaller size, and have it upload just fine, that eliminates its being software Meta tags. Especially when you can take the original unmodified image two hours later and it uploads without a hitch, as we have all had happen. Teleplay has also verified this.

So, what we are looking at is something either in the Forum software or something on the server,  or server load, or a combination of both. When you can take the original image later and have it upload just fine with no modifications, this definitely points towards this, and not Meta information.

Things we need to be looking at: Server Load at the time of failed uploads, other software and TSRs running on the server at the time of failed uploads, network load at the time of failed uploads, etc. DO a RAM check on the server to ensure it doesn't have flaky RAM, ec.

Dave
Title: Re: Posting Photos on CRPF
Post by: unbeldi on May 12, 2015, 09:11:39 AM
Quote from: DavePEI on May 12, 2015, 06:20:08 AM
Quote from: unbeldi on May 11, 2015, 08:26:52 PM

Well, the web system software is actually well understood.  I posted what the checks do exactly and proposed a permanent fix.
What is less understood is what kind of meta information is written by various software in cell phones, cameras, and computer applications, and at which times the information is not written or updated.  If my fix were applied, none of this would actually matter.
Now, it isn't the Meta information that is the issue. We have proven that over and over. When you can take images off a camera, resize it down to 1000x640 as I have done many times in Photoshop (which strips out the Meta tags) and use multiple cameras or scanners as a source, and have it fail upload, then the tag of the camera or source isn't the fault.

Blaming Meta tags from the software for failure to upload? Well, Ok, when you can take the image then using the same software and change it to a larger or smaller size, and have it upload just fine, that eliminates its being software Meta tags. Especially when you can take the original unmodified image two hours later and it uploads without a hitch, as we have all had happen. Teleplay has also verified this.

So, what we are looking at is something either in the Forum software or something on the server,  or server load, or a combination of both. When you can take the original image later and have it upload just fine with no modifications, this definitely points towards this, and not Meta information.

Things we need to be looking at: Server Load at the time of failed uploads, other software and TSRs running on the server at the time of failed uploads, network load at the time of failed uploads, etc. DO a RAM check on the server to ensure it doesn't have flaky RAM, ec.

Dave

Sorry, but that is incorrect.
I have even written a little test program that you can run on your computer, that tests which images will fail (do not pass the security check) and which don't.
I think I posted it here somewhere, and it used a fragment of the same code that the web server side uses for this test.
Title: Re: Posting Photos on CRPF
Post by: DavePEI on May 12, 2015, 09:44:04 AM
Quote from: unbeldi on May 12, 2015, 09:11:39 AM
Quote from: DavePEI on May 12, 2015, 06:20:08 AM
Quote from: unbeldi on May 11, 2015, 08:26:52 PM

Well, the web system software is actually well understood.  I posted what the checks do exactly and proposed a permanent fix.
What is less understood is what kind of meta information is written by various software in cell phones, cameras, and computer applications, and at which times the information is not written or updated.  If my fix were applied, none of this would actually matter.
Now, it isn't the Meta information that is the issue. We have proven that over and over. When you can take images off a camera, resize it down to 1000x640 as I have done many times in Photoshop (which strips out the Meta tags) and use multiple cameras or scanners as a source, and have it fail upload, then the tag of the camera or source isn't the fault.

Blaming Meta tags from the software for failure to upload? Well, Ok, when you can take the image then using the same software and change it to a larger or smaller size, and have it upload just fine, that eliminates its being software Meta tags. Especially when you can take the original unmodified image two hours later and it uploads without a hitch, as we have all had happen. Teleplay has also verified this.

So, what we are looking at is something either in the Forum software or something on the server,  or server load, or a combination of both. When you can take the original image later and have it upload just fine with no modifications, this definitely points towards this, and not Meta information.

Things we need to be looking at: Server Load at the time of failed uploads, other software and TSRs running on the server at the time of failed uploads, network load at the time of failed uploads, etc. DO a RAM check on the server to ensure it doesn't have flaky RAM, ec.

Dave

Sorry, but that is incorrect.
I have even written a little test program that you can run on your computer, that tests which images will fail (do not pass the security check) and which don't.
I think I posted it here somewhere, and it used a fragment of the same code that the web server side uses for this test.
Sorry, but we will have to agree to disagree. I am not a newbie to computers, graphics, photography, or to web design. In fact I have been doing web design since 1991. So I remain convinced that it is not the Meta tag information, and believe with the many tests I have done that it isn't meta information that is the problem.
Title: Re: Posting Photos on CRPF
Post by: unbeldi on May 12, 2015, 09:55:23 AM
Quote from: DavePEI on May 12, 2015, 09:44:04 AM
Quote from: unbeldi on May 12, 2015, 09:11:39 AM
Quote from: DavePEI on May 12, 2015, 06:20:08 AM
Quote from: unbeldi on May 11, 2015, 08:26:52 PM

Well, the web system software is actually well understood.  I posted what the checks do exactly and proposed a permanent fix.
What is less understood is what kind of meta information is written by various software in cell phones, cameras, and computer applications, and at which times the information is not written or updated.  If my fix were applied, none of this would actually matter.
Now, it isn't the Meta information that is the issue. We have proven that over and over. When you can take images off a camera, resize it down to 1000x640 as I have done many times in Photoshop (which strips out the Meta tags) and use multiple cameras or scanners as a source, and have it fail upload, then the tag of the camera or source isn't the fault.

Blaming Meta tags from the software for failure to upload? Well, Ok, when you can take the image then using the same software and change it to a larger or smaller size, and have it upload just fine, that eliminates its being software Meta tags. Especially when you can take the original unmodified image two hours later and it uploads without a hitch, as we have all had happen. Teleplay has also verified this.

So, what we are looking at is something either in the Forum software or something on the server,  or server load, or a combination of both. When you can take the original image later and have it upload just fine with no modifications, this definitely points towards this, and not Meta information.

Things we need to be looking at: Server Load at the time of failed uploads, other software and TSRs running on the server at the time of failed uploads, network load at the time of failed uploads, etc. DO a RAM check on the server to ensure it doesn't have flaky RAM, ec.

Dave

Sorry, but that is incorrect.
I have even written a little test program that you can run on your computer, that tests which images will fail (do not pass the security check) and which don't.
I think I posted it here somewhere, and it used a fragment of the same code that the web server side uses for this test.
Sorry, but we will have to agree to disagree. I am not a newbie to computers, graphics, photography, or to web design. In fact I have been doing web design since 1990. So I remain convinced that it is not the Meta tag information, and believe with the many tests I have done that it isn't meta information that is the problem.


Well, then you have to demonstrate your opinion.  I have proven my findings and software doesn't lie. The code is unambiguous.
It really isn't a matter of opinion anymore.


[PS: the web didn't exist in 1990 and virtually no-one knew about it until 1992.]
Title: Re: Posting Photos on CRPF
Post by: WEBellSystemChristian on May 12, 2015, 09:58:47 AM
It seems that we have a pretty big divide here as to what the problem is. I can see this discussion heading in a bad direction...

Since both of you completely lost me at the word "Meta", it won't help many of us understand what you're discussing. If you have a disagreement about the solution, can you each just each explain (in simple terms, please) what you think the solution is?

Please leave arguments like this in PMs; not that there's anything wrong with it at the moment, it's just that the rest of those who actually have a photo-posting issue don't want to see what's going to happen if we keep this two-way disagreement going.
Title: Re: Posting Photos on CRPF
Post by: DavePEI on May 12, 2015, 10:13:08 AM
Quote from: WEBellSystemChristian on May 12, 2015, 09:58:47 AM
It seems that we have a pretty big divide here as to what the problem is. I can see this discussion heading in a bad direction...

Since both of you completely lost me at the word "Meta", it won't help many of us understand what you're discussing. If you have a disagreement about the solution, can you each just each explain (in simple terms, please) what you think the solution is?

Please leave arguments like this in PMs; not that there's anything wrong with it at the moment, it's just that the rest of those who actually have a photo-posting issue don't want to see what's going to happen if we keep this two-way disagreement going.
The main point is for the time being, none of us do have a solution. We need to keep gathering data, and not discounting any suggestions, and hopefully we eventually will find a true and permanent solution.

Dave
Title: Re: Posting Photos on CRPF
Post by: unbeldi on May 12, 2015, 10:19:07 AM
Quote from: DavePEI on May 12, 2015, 10:13:08 AM
Quote from: WEBellSystemChristian on May 12, 2015, 09:58:47 AM
It seems that we have a pretty big divide here as to what the problem is. I can see this discussion heading in a bad direction...

Since both of you completely lost me at the word "Meta", it won't help many of us understand what you're discussing. If you have a disagreement about the solution, can you each just each explain (in simple terms, please) what you think the solution is?

Please leave arguments like this in PMs; not that there's anything wrong with it at the moment, it's just that the rest of those who actually have a photo-posting issue don't want to see what's going to happen if we keep this two-way disagreement going.
The main point is for the time being, none of us do have a solution. We need to keep gathering data, and not discounting any suggestions, and hopefully we eventually will find a true and permanent solution.

Dave

I have provided an exact solution and tested it on my forum installation.

Please run this test on your computer on the images that fail to upload because of "security" violations:  http://www.classicrotaryphones.com/forum/index.php?topic=14064.msg146942#msg146942

Title: Re: Posting Photos on CRPF
Post by: dsk on May 12, 2015, 12:28:03 PM
Tried to post pictures re-sized to max length/with (the greatest side) to 1000PX 45 PX/inch.
Works, but is it permanent or just luck????

dsk
Title: Re: Posting Photos on CRPF
Post by: NorthernElectric on May 12, 2015, 12:33:54 PM
Quote from: WEBellSystemChristian on May 12, 2015, 09:58:47 AMSince both of you completely lost me at the word "Meta", it won't help many of us understand what you're discussing.

Simply put, metadata is information embedded in the image file that is not part of the image itself.  Typical metadata will include information about the camera and it's settings used to take the photo.  It can also include the latitude and longtitude where the photo was taken if from a GPS-enabled device, copyright information, etc.  It can also contain html and/or php code (2 languages used to write web pages).  This, I believe, is the main reason for the security checks as some web software has vulnerabilities that will execute such embedded code.

Hackers can and have added malicious code into image files.  It's possible that some cameras and/or imaging software may put benign html into their metadata, and these are being rejected by the security checks.
Title: Re: Posting Photos on CRPF
Post by: unbeldi on May 12, 2015, 01:02:20 PM
Quote from: dsk on May 12, 2015, 12:28:03 PM
Tried to post pictures re-sized to max length/with (the greatest side) to 1000PX 45 PX/inch.
Works, but is it permanent or just luck????

dsk
Only examination of the remaining meta information in the image after each image alteration can answer that.

One solution of course is to always strip meta data from images and the forum configuration software has such an option. But this has very detrimental effects on image types that require certain meta data, such as animated GIF images. The animation is encoded as meta data and the image would be broken, if removed.

Security is an issue always relative to the environment against which it is assessed. This is a very closed community, every one must register and be approved by an actual person to post and the trustworthiness of everyone here has never, afaik, been questioned. We are also not running rogue code, or untested third party forum extensions, so the environment is in every aspect very controlled.

Therefore, I would encourage to simply remove the "security" check code from execution.

The only danger in this appears that when some one grabs an image from some website out there and posts it on the forum. It could be infected with some crafted exploit, and someone could subsequently download it and experience problems on their computer.  I don't think I ever upload images from third party sites, not even eBay, without first rewriting them in one of my image editors. Ebay images appear safe to me, though, as eBay processes them internally with the ImageMagick API (if I recall correctly), and inserts their own meta data.

Title: Re: Posting Photos on CRPF
Post by: NorthernElectric on May 12, 2015, 03:03:48 PM
Quote from: unbeldi on May 12, 2015, 01:02:20 PM...I would encourage to simply remove the "security" check code from execution.

The only danger in this appears that when some one grabs an image from some website out there and posts it on the forum. It could be infected with some crafted exploit, and someone could subsequently download it and experience problems on their computer.  I don't think I ever upload images from third party sites, not even eBay, without first rewriting them in one of my image editors. Ebay images appear safe to me, though, as eBay processes them internally with the ImageMagick API (if I recall correctly), and inserts their own meta data.

Even if eBay sanitizes uploaded images, many sellers use externally hosted images, eg. auctiva, inkfrog, etc.  Do we extend our trust to any site that may contain an image linked to by an IMG tag on an eBay page?  As an alternative to turning off image security checks on this forum, has this (from SMF 2.0 Online Manual: Attachments and Avatars (http://wiki.simplemachines.org/smf/SMF2.0:Attachments_and_Avatars)) been tried?

Title: Re: Posting Photos on CRPF
Post by: DavePEI on May 12, 2015, 03:14:12 PM
I agree it might be worthwhile removing the security check for a trial period, perhaps re-encoding as a precaution. If that solves the problem, then maybe we can move on. The loss of animated GIFs wouldn't be a big deal for the majority of users.

Dave
Title: Re: Posting Photos on CRPF
Post by: unbeldi on May 12, 2015, 03:17:02 PM
Quote from: NorthernElectric on May 12, 2015, 03:03:48 PM
Quote from: unbeldi on May 12, 2015, 01:02:20 PM...I would encourage to simply remove the "security" check code from execution.

The only danger in this appears that when some one grabs an image from some website out there and posts it on the forum. It could be infected with some crafted exploit, and someone could subsequently download it and experience problems on their computer.  I don't think I ever upload images from third party sites, not even eBay, without first rewriting them in one of my image editors. Ebay images appear safe to me, though, as eBay processes them internally with the ImageMagick API (if I recall correctly), and inserts their own meta data.

Even if eBay sanitizes uploaded images, many sellers use externally hosted images, eg. auctiva, inkfrog, etc.  Do we extend our trust to any site that may contain an image linked to by an IMG tag on an eBay page?  As an alternative to turning off image security checks on this forum, has this (from SMF 2.0 Online Manual: Attachments and Avatars (http://wiki.simplemachines.org/smf/SMF2.0:Attachments_and_Avatars)) been tried?

The option you are citing is in fact is the option I mentioned earlier, and no, it has not been tried. I don't actually encourage that either for the reason I stated.

Basically, the "security" check in SMF is very poor, IMHO, extremely basic. For software that is as frequently used as SMF, I would expect more sophistication. Lacking that, these "features" become bugs.

Title: Re: Posting Photos on CRPF
Post by: stub on August 23, 2015, 07:04:58 PM
 unbeldi,
            Tried to post pic today, that I have posted in the past, and I can't pass security check either. What's up.  stub
Title: Re: Posting Photos on CRPF
Post by: unbeldi on August 23, 2015, 08:24:52 PM
Quote from: stub on August 23, 2015, 07:04:58 PM
unbeldi,
            Tried to post pic today, that I have posted in the past, and I can't pass security check either. What's up.  stub

I don't know.  The exact same unmodified image?
JPEG images can be tricky, thinking about it, because when decoded they can be different every time, because the lossy compression forces slight changes.  I have not investigated that. 
Title: Re: Posting Photos on CRPF
Post by: stub on August 23, 2015, 09:05:57 PM
 unbeldi,
             The pic I tried to post was the AE cradle in black before I ran it thru the bead blaster. stub
Title: Re: Posting Photos on CRPF
Post by: andre_janew on August 24, 2015, 04:04:49 PM
JPEG images and small pictures work for me!
Title: Re: Posting Photos on CRPF
Post by: andy1702 on October 29, 2016, 02:15:55 PM
OK guys, I'm still having the 'failed security checks' thing.

Being quite new here, I'm just wondering why a JPG image needs to go through any kind of security check? I've never known this on any forum before and I've been on (and even run) quite a few. If security is so tight you can't do anything, what's the point of having the forum in the first place? I'm not sure what software is being used here, but I'd suggest PHPBB. It allows you to post images of any size straight to it and even place them between different areas of text in your post.

I find having to resize images a real hassle and even when I've done that I still can't get them to upload. I'd say remove the security checks because they obviously don't work as they should.
Title: Re: Posting Photos on CRPF
Post by: Greg G. on October 29, 2016, 03:25:20 PM
Quote from: andy1702 on October 29, 2016, 02:15:55 PM
OK guys, I'm still having the 'failed security checks' thing.

Being quite new here, I'm just wondering why a JPG image needs to go through any kind of security check? I've never known this on any forum before and I've been on (and even run) quite a few. If security is so tight you can't do anything, what's the point of having the forum in the first place? I'm not sure what software is being used here, but I'd suggest PHPBB. It allows you to post images of any size straight to it and even place them between different areas of text in your post.

I find having to resize images a real hassle and even when I've done that I still can't get them to upload. I'd say remove the security checks because they obviously don't work as they should.

What program are you using to resize them?  I use LView Pro, but even with Paint (which I never use) I didn't have much trouble figuring out how to resize them.  I usually resize my pics ("my pics" being pictures I've taken myself) to 1/3 of the original size for uploading.  In both programs you have the option to choose a percentage, and in my case I usually choose 33.33% of the original, depending on the pic.
Title: Re: Posting Photos on CRPF
Post by: Pourme on October 29, 2016, 08:46:27 PM
I use the resizer built into windows. Rt click and choose edit, follow the prompts...easy
Title: Re: Posting Photos on CRPF
Post by: andy1702 on October 30, 2016, 03:36:38 PM
I don't run Windows on any of my computers any more. Everything here has been using various flavours of Linux for the last 5 or 6 years and I've never run across this problem with images on any forum before. I edited the images in question on a desktop running Linux Mint 17.1 and used the widely know open source GIMP software. Images were in landscape format and resized to 1000 pixels on the longest edge, which made them both around 250kb, so well within the limits the forum is supposed to accept.
Title: Re: Posting Photos on CRPF
Post by: unbeldi on October 30, 2016, 03:45:27 PM
The problem is actually well understood and is a bug (not officially, of course) in Simple Machines Forum.  The "security" check is so primitive that it flags any image that happens to have the right bit sequence to mach a list of "forbidden" words or tags that could be used in malicious embedded code.  Problem is that the tags are commonly used also in meta information that is harmless, and even beneficial, or even necessary.

I posted a short computer program here in another thread (http://www.classicrotaryphones.com/forum/index.php?topic=14032.msg146942#msg146942) that can be used to identify those images, using the exact algorithm, the same code snippet, that the forum software uses.  It could easily be completely disabled.

===========================

EDIT:  The above linked program can also be found in this 3 page topic about this issue.

http://www.classicrotaryphones.com/forum/index.php?topic=14032.0
Title: Re: Posting Photos on CRPF
Post by: unbeldi on October 30, 2016, 04:13:11 PM
So, based on what I said, the problem is not the size of the picture, within reason, but the data.  A resized image could well have more or fewer offending bit sequences.
What is important in resizing, is that the image data is actually resampled in the process, rather than just cropped or extracted in some fashion without alteration of the critical area.  And if it is the EXIF or other other meta information, it may well be always inserted with the software used.  I created a special menu shortcut in my finder app to clean an image from all meta information using a Unix program, exiftool.  But this also cleans out the image size meta information, so I always have to reset the DPI parameter to what it was before.
Title: Re: Posting Photos on CRPF
Post by: SUnset2 on October 30, 2016, 08:19:30 PM
It's always a good idea to clear out the metadata before posting to a web site.  It could contain identifying information.  But removing the metadata doesn't usually help getting the photo posted on this site.  If I can't get the JPEG to post, I convert the photo to PNG format.  That always ends up working for me.
Title: Re: Posting Photos on CRPF
Post by: TelePlay on October 30, 2016, 08:50:37 PM
Quote from: SUnset2 on October 30, 2016, 08:19:30 PM
It's always a good idea to clear out the metadata before posting to a web site.  It could contain identifying information.  But removing the metadata doesn't usually help getting the photo posted on this site.  If I can't get the JPEG to post, I convert the photo to PNG format.  That always ends up working for me.

Well, that makes sense and goes along with unbeldi said. What raises the flag can be in the meta data or a string of digital characters within the image itself. A large image has a lot of code. Resizing the image either up or down "juggles" the image code and hopefully the voilating string is broken up. It may take more than one resizing to do that. Now, if the offending code is in the meta or EXIF data, resizing won't touch that and the only way to get rid of that is run the image through something that strips out the meta data and/or EXIF code.

I've created images in an old software imaging program I have that has nothing to do with a smart phone or any Adobe product or Microsoft product and once in a while, they won't load, resizing them once or twice allowed me to load them. Then, I've had members send me images via email they could not post and by opening the image in my old software and doing nothing more than saving it in a new file name allowed me to upload the image - meta and EXIF data stripped out so the problem was in the image header. Both of those experiences prove unbeldi's contentions.

Lastly, sometimes the cause is truly unknown in that an offending image one night will load just fine the next night with nothing done to it except being one day older. I've had that happen to me a couple of time when working with offending images.

One thing for sure, several work arounds are out there to get an image into a post.
Title: Re: Posting Photos on CRPF
Post by: TelePlay on November 01, 2016, 07:17:57 AM
Had time to look at jpg vs png images meta data, with the PNG option being a work around.

The attached 4 pdf files are printouts of EXIF data from two different images (one of a phone booth recently posted on the forum taken with a Microsoft Lumia and a water scene taken with an Apple iPhone SE) both saved as a JPG file and then saved as a PNG file.

The reported ease of loading images in PNG format when JPG loading fails may be the result of the PNG file stripping away much of the meta data (NOTE: neither of these images were take with "Location Services" turned on for if it was, the amount of meta data in the JPG images would be even larger).

While the "random string within the image data" theory of larger images sizes being more open to setting off the flag may not be affected by saving an image as a PNG file, it does show that removal of meta data by saving an offending image as a PNG for uploading can help post troublesome images to the forum, to get around the "security flag" when it appears for any one image.
Title: Re: Posting Photos on CRPF
Post by: andy1702 on November 01, 2016, 10:03:03 AM
I've just tried converting the troublesome images to PNG and they have uploaded ok. Another is attached below as a test.

My next question is this... How do we put images within a post rather than attaching them to the end? Sometimes it's useful to have some text, then an image, then some more text, then another image etc? On other forums I've used when the images are uploaded as attachments a link then appears for each one which allows you to place it within the post. That doesn't seem to happen here though. Here it seems to just attach everything at the end.

Andy.
Title: Re: Posting Photos on CRPF
Post by: unbeldi on November 01, 2016, 11:39:57 AM
Quote from: andy1702 on November 01, 2016, 10:03:03 AM
I've just tried converting the troublesome images to PNG and they have uploaded ok. Another is attached below as a test.

My next question is this... How do we put images within a post rather than attaching them to the end? Sometimes it's useful to have some text, then an image, then some more text, then another image etc? On other forums I've used when the images are uploaded as attachments a link then appears for each one which allows you to place it within the post. That doesn't seem to happen here though. Here it seems to just attach everything at the end.

Andy.



Yes, this would indeed be a highly desirable feature.  It requires installing additional modules to the forum software.
I have used a work around using the table feature, but the images still have to be attached to a post first. Once on the forum, they can be referenced by URL and incorporated into a table layout, as I have done here with your photo.  Not ideal, but it works.
(http://www.classicrotaryphones.com/forum/index.php?action=dlattach;topic=8990.0;attach=149702;image)
Title: Re: Posting Photos on CRPF
Post by: TelePlay on November 01, 2016, 11:42:45 AM
unbeldi posted while I was composing the following. We agree, we say the same thing, I included examples.

---------------------------------------

That can be done using the html code [i mg] image url [/i mg], without the spaces between the "i" and "m" but while this can be done to put images in the "text" or body of the post, it is problematic in that it is best if the image already is posted on the forum, such as this,

(http://www.classicrotaryphones.com/forum/index.php?action=dlattach;topic=8990.0;attach=149702;image)

and not linked to an external source, such as this,

(http://i.ebayimg.com/images/g/VpkAAOSwcUBYGGdZ/s-l1600.jpg)

which was taken from this eBay current auction

http://www.ebay.com/itm/Vintage-retro-Iskra-ATA-62-rotary-telephone-grey-Yugoslavia-/152301547631

which will end and shortly after the url will be put into an inactive area by eBay and then reused someday for another phone.

When anything is done to change the url of the external image, including deleting a Photobucket or similar such photo storing site, or removing the photo from the collection or simply moving it to another area of the collection, the image will no longer appear in the forum topic, only this will be seen,

(http://i7.photobucket.com/albums/y288/troydogtvtv/phone/DSCN2187.jpg)

and if photos from an external site were used to help describe the context of the post, the context is lost forever, as in this topic

http://www.classicrotaryphones.com/forum/index.php?topic=5237.msg64572#msg64572

which would have been a very good example of a 302 dial rebuild, if the pictures were still there.

I created this topic some time ago to explain how why it is best to post images directly to the forum

http://www.classicrotaryphones.com/forum/index.php?topic=11610.0

I guess one work around is to post the images, maximum allowed are 6 per reply, and then go back into the post in the "modify" mode and copy the forum url of a photo and paste it into the context at the wanted place. The image would then appear twice in a reply but would be on the forum forever. A little extra work but that is the "approved" was of doing it, or the way that is best for the posterity of the forum.

===============

The pdf of the test phone is attached, showing limited meta data.

Title: Re: Posting Photos on CRPF
Post by: TelePlay on November 01, 2016, 01:51:27 PM
After receiving the offending jpg photos by way of email, posted here as uploaded to the 8100circuit topic,

(http://www.classicrotaryphones.com/forum/index.php?action=dlattach;topic=16999.0;attach=149698;image)

(http://www.classicrotaryphones.com/forum/index.php?action=dlattach;topic=16999.0;attach=149700;image)

I opened them in my old image editing software and did nothing more than save them in a new file, same file name with the word "stripped" attache to the file name. Did not resize them or edit them in any other way other than running them through the software.

After doing that, both uploaded to the forum here on first try indicating that the flag issue was in the meta data. To further prove that, I went into this post and then tried to add, to upload the original jpg images sent to me by regular email - both images gave me the security check error.

So, using my old software or saving an offending image as a PNG are two work arounds (except for the random string in the image code theory) to meta data caused loading issues.
Title: Re: Posting Photos on CRPF
Post by: AE_Collector on November 01, 2016, 01:51:58 PM
I want to point out in case it wasn't obvious that while the security checks could easily be deleted, it isn't a function that the owner (Dennis) or moderators of this site (CRPF) have any control over but rather the way the forum software from Simple Machines works.

None of us are how do I say...very good at any of this computer/internet stuff and struggle to keep the software reasonably up to date. However we do have members here who are very knowledgable on more than just phones, some are knowledgable on forum software etc. If we knew where to start we could maybe work with Simple Machines for some changes.

I think there are newer software releases to what we are currently on, I wonder if any of those releases have addressed the picture security Issues? I know the last update done was enough problems for one life time for Dennis but it was a major update going from version 1.x to version 2.x software. Maybe the next update within 2.x will be easier?

Terry
Title: Re: Posting Photos on CRPF
Post by: TelePlay on November 01, 2016, 03:18:01 PM
The current version is 2.0.12 released Sept 27th, 2016.

This is what SMF said about the upgrade form 2.0.11 to 2.0.12

"Simple Machines Forum has released a new patch to the 2.0.x line, bringing our latest release version to 2.0.12.

This patch is a security and maintenance release, which focuses on fixing a couple of minor bugs, while adding some enhancements and a patch to a security vulnerability reported in the software. Therefore, it is important that you install this patch in a timely manner."

Dennis will have to talk to his software support guy about this and upgrading. But, don't know if the upgrade will fix the "bug" we are seeing when loading certain JPG images.
Title: Re: Posting Photos on CRPF
Post by: AE_Collector on November 01, 2016, 06:20:13 PM
OH, I am surprised to see that we are currently on 2.11. I thought we were back at 2.03 or so and that updates don't happen automatically. Maybe Dennis and his software guy did the update to 2.11 fairly recently.

Terry
Title: Re: Posting Photos on CRPF
Post by: unbeldi on November 01, 2016, 06:31:42 PM
Quote from: AE_Collector on November 01, 2016, 06:20:13 PM
OH, I am surprised to see that we are currently on 2.11. I thought we were back at 2.03 or so and that updates don't happen automatically. Maybe Dennis and his software guy did the update to 2.11 fairly recently.

Terry

I think it has been this way for quite a while, because I remember comparing it with software I have installed, and mine was one version older, which it still is.
Title: Re: Posting Photos on CRPF
Post by: TelePlay on November 01, 2016, 11:37:13 PM
Quote from: andy1702 on November 01, 2016, 10:03:03 AM
My next question is this... How do we put images within a post rather than attaching them to the end? Sometimes it's useful to have some text, then an image, then some more text, then another image etc? On other forums I've used when the images are uploaded as attachments a link then appears for each one which allows you to place it within the post. That doesn't seem to happen here though. Here it seems to just attach everything at the end.

Here's another way of doing it. Put a descriptive file name on images to be uploaded and them reference those image files names in the text of the post or reply - a little bit of work to read and look below and go back to reading but it's a work around.

http://www.classicrotaryphones.com/forum/index.php?topic=4492.0