News:

"The phone is a remarkably complex, simple device,
and very rarely ever needs repairs, once you fix them." - Dan/Panther

Main Menu

"Security Error" when posting pictures

Started by electric al, March 27, 2015, 08:49:58 AM

Previous topic - Next topic

electric al

 Why can I not post pictures of my Polish phone.

I have tried  , and it says to check with administrator !

???
Never met a phone I didn't like !

unbeldi

In the complete error message, does it mention "security" problems?

This appears to be a software bug that we have been discussing recently.  Typically the resolution is to slightly resize or edit the picture with a photo editor program and try again.

andre_janew

I've been able to post pictures by resizing them to a smaller size before posting.  I've been using my camera to resize them.  Have you tried doing that?

electric al

#3
Classic Rotary Phones Forum » Telephone Talk » Flea Market/Yard Sale Finds
An Error Has Occurred!
Your attachment has failed security checks and cannot be uploaded. Please consult the forum administrator.

Why do I get this message when I try to send pictures ?
Never met a phone I didn't like !

unbeldi

#4
I do know the technical reason. The forum software uses a very primitive algorithm to check the meta data (but only the meta data) in images for potential security issues. Only certain cameras or image editors insert specific text strings into the meta data, and albeit harmless, they are flagged and the image is rejected with this error message.

The trick often is to resize the image with an image editor. In the process the meta information is changed  and the offending tag is removed, or the image data itself is changed sufficiently in the resize operation.

I do have a software fix for this: it simply eliminates certain code words from the test. Something more sophisticated is needed though.

It's highly user-unfriendly, even for an experienced user. If it were up to me, I would simply remove the test for now, because this is a closed forum where only registered users can post images and nobody has ever had any malicious intent.


electric al

  The problem is , I have posted  pictures before , taken with the same camera , and not had a problem.

This is only since yesterday  !
Never met a phone I didn't like !

LarryInMichigan

Can someone let me know what words or codes the system is detecting?  Nearly all of the image files I have posted were written with software that I wrote and which uses the open source JPEG library. 

Thank You


Larry

twocvbloke

I think it's just that little fella from china, Sum-Tin Wong, causing problems, I had the same issue when trying to upload the picture of the PCB in my MOD Mk.28 (same as a GPO 746, and was wired as a 2-wire phone) and took a few attempts to get past that and the picture came off my Galaxy S3 which pretty much all of my pictures have done so, I'm guessing that the forum software either has a bug or has been unofficially fiddled with...  :-\

unbeldi

Here is the critical code.  The forum administration menus have a setting for "extensive checks", which only adds a few more regular expression patterns to the "security" check.  So in the code excerpt this is the first conditional clause, the regular check the second.


                if (!empty($extensiveCheck)) {
                        // Paranoid check. Some like it that way.
                        if (preg_match('~(iframe|\\<\\?|\\<%|html|eval|body|script\W|[CF]WS[\x01-\x0C])~i', $prev_chunk . $cur_chunk) === 1) {
                                fclose($fp);
                                return false;
                        }
                } else {
                        // Check for potential infection
                        if (preg_match('~(iframe|html|eval|body|script\W|[CF]WS[\x01-\x0C])~i', $prev_chunk . $cur_chunk) === 1) {
                                fclose($fp);
                                return false;
                        }
                }

unbeldi

#9
Here is a stand-alone test program to perform the same test on an image file without having to upload it to the forum.

From a shell, run:

./test.sh  image.jpg

It prints the offending tags, and the result of the test, either OK or ERROR.

It only performs the less severe test, the modification for extensive test is obvious.


#!/usr/bin/php
<?php

$f = $argv[1];
$r = checkImageContents($f, false);
echo $r ? "OK\n" : "ERROR\n";
exit;

function checkImageContents($fileName, $extensiveCheck = false) {
        $fp = fopen($fileName, 'rb');

        $prev_chunk = '';
        while (!feof($fp)) {
                $cur_chunk = fread($fp, 8192);

                // Though not exhaustive lists, better safe than sorry.
                if (!empty($extensiveCheck)) {
                        // Paranoid check. Some like it that way.
                        if (preg_match('~(iframe|\\<\\?|\\<%|html|eval|body|script\W|[CF]WS[\x01-\x0C])~i', $prev_chunk . $cur_chunk) === 1) {
                                fclose($fp);
                                return false;
                        }
                } else {
                        // Check for potential infection
                        $matches = array();
                        if (preg_match('~(iframe|html|eval|body|script\W|[CF]WS[\x01-\x0C])~i', $prev_chunk . $cur_chunk, $matches, PREG_OFFSET_CAPTURE, 5) === 1) {
                        print_r($matches);
                                fclose($fp);
                                return false;
                        }
                }
                $prev_chunk = $cur_chunk;
        }
        fclose($fp);
        return true;
}
?>


electric al

 I tried posting a picture one more time , and this time it worked !  :o
Never met a phone I didn't like !

DavePEI

Quote from: electric al on March 31, 2015, 02:24:48 PM
I tried posting a picture one more time , and this time it worked !  :o
There you go. Proof of the pudding. The moral is don't blind yourself toother possibilities.
The Telephone Museum of Prince Edward Island:
http://www.islandregister.com/phones/museum.html
Free Admission - Call (902) 651-2762 to arrange a visit!
C*NET 1-651-0001

dsk

I really dont understand how to use a program like that. But I really have had problems uploading during the last days. I use to use IrfanView and may try to resize to smaller images. 

dsk

dsk

Tried to post pictures re-sized to max length/with (the greatest side) to 1000PX 45 PX/inch.
Works, but is it permanent or just luck?

dsk

andre_janew

My experience has been that re-sizing pictures to a smaller size seems to insure that they will be posted.  The new system seems to like small pictures.  That is what I have found out.