As designed No Image-Check when importing

pldcanfly

Member
As switchers from vb to XenForo we had an issue last night. Our Malware-Scanner reported an included <?php tag in one of the imported avatars. We stored our avatars in our database before.

While XenForo itself doesn't permit uploading this picture, it was imported. An option to check for invalid pictures would be good if checking while importing produces too much overhead.
 
In this case, it was actually a valid image that was already in your system. We do full image checks when importing so it wouldn't be imported without appearing to be a valid image.

However, we do have an extra check on any uploaded image for the "<?php" string, though this is mostly to attempt to (partially) work around a security issue that comes from a server misconfiguration. This issue is moot on most servers; it's a specific Nginx configuration (generally well documented). We just provide an extra layer of protection against it, at the expense of a theoretical false positive.
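
The two checks discussed in this thread, run over already-stored avatar blobs, as an added example (not XenForo's code and not written by either poster). It shows why an image can pass a format check and still trip the "<?php" string check. The function names, the case-insensitive match, the header-only format sniff (standing in for a full image decode) and the sample blobs are all assumptions constructed for illustration.

```python
import struct

# Leading-byte signatures for the avatar formats this sketch accepts (assumption).
SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
    "gif": (b"GIF87a", b"GIF89a"),
}
PHP_MARKER = b"<?php"


def sniff_format(data: bytes):
    """Return the format implied by the header bytes, or None if unknown."""
    for name, sig in SIGNATURES.items():
        if data.startswith(sig):  # startswith accepts bytes or a tuple of bytes
            return name
    return None


def check_avatar(data: bytes) -> dict:
    """Run both checks independently: header signature and marker scan."""
    fmt = sniff_format(data)
    # bytes.lower() only touches ASCII letters, so offsets are preserved.
    offset = data.lower().find(PHP_MARKER)
    return {"format": fmt, "php_marker": offset,
            "flag": fmt is None or offset >= 0}


def scan(avatars: dict) -> list:
    """Return the sorted keys of blobs that should be reviewed by hand."""
    return sorted(k for k, blob in avatars.items() if check_avatar(blob)["flag"])


# Constructed sample blobs (not real avatars): headers only, no pixel data.
SAMPLES = {
    "clean.png": SIGNATURES["png"] + b"\x00\x00\x00\rIHDR" + bytes(13),
    # GIF header + screen descriptor + comment extension holding only the marker.
    "comment.gif": b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0, 0, 0)
                   + b"\x21\xfe\x05<?php\x00" + b"\x3b",
    "not_image.bin": b"plain text stored as an avatar",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, check_avatar(blob))
    print("review:", scan(SAMPLES))
```

A flagged blob with a recognised format is the "theoretical false positive" case from the reply: the string match alone does not say whether the bytes were put there deliberately.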
 