As designed No Image-Check when importing

pldcanfly

pldcanfly

Member
As switchers from vb to xenforo we had an issue last night. Our Malware-Scanner reportet an included <?php tag in one of the imported avatars. We stored our avatars in our database before.

While XenForo itself doesn't permit to upload this picture, it was imported. An option to check for invalid pictures would be good if checking while importing produces to much overhead.
 
In this case, it was actually a valid image that was already in your system. We do full image checks when importing so it wouldn't be imported without appearing to be a valid image.

However, we do have an extra check on any uploaded image for the "<?php" string, though this is mostly to attempt to (partially) workaround a security issue that comes from a server misconfiguration. This issue is moot on most servers; it's a specific Nginx configuration (generally well documented). We just provide an extra layer of protection against it, at the expense of a theoretical false positive.
 

Similar threads

P
Unknown or bad timezone (Europe/Zaporozhye) when importing from Discourse
Replies
0
Views
72
Paul B
P
newbNox
  • Solved
XF 2.2 Xenforo / Cloudflare timeout when importing style
Replies
6
Views
629
newbNox
newbNox
K
XFI: vBulletin - Variable placeholders are not converted when importing notices
Replies
0
Views
502
Kirby
K
BubbaLovesCheese
As designed Error when importing BMP avatars through the API
Replies
1
Views
558
Mike
Mike
R
  • Question Question
XF 2.2 errors when importing from mybb 1.8 data to xenforo 2.2.2
Replies
5
Views
442
Mike
Mike
Back
Top Bottom