View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000711 | XMB Hacks 1.9.x | public | 2024-05-02 16:24 | 2024-05-03 12:09 | |
| Reporter | flushedpancake | Assigned To | |||
| Priority | normal | Severity | crash | Reproducibility | always |
| Status | new | Resolution | open | ||
| Summary | 0000711: Avatar upload hack no longer works | ||||
| Description | Not only does trying to do svn patch not work (it creates broken php files and rejects the whole patch which is annoying), but trying to manually add the stuff just comes up a blank screen. Also the instructions for cp.php refer to lines which no longer exist in the cp.php file it seems. I'm not at my main pc at the moment and I forgot to turn error display back on on localhost after reinstalling linux so I'll fetch that in a bit. | ||||
| Tags | No tags attached. | ||||
|
|
Some other notes: -the avatar uploader doesn't allow you to use 'jpeg', 'jpe' or 'jfif' as an extension, which are perfectly valid JPEG formats (the first one of which is seen on iOS) -webp support should probably be added as the avatar url can handle it just fine -the token it uses is extremely insecure (md5 hashing the username? really?) -for some odd reason, it allows uploading BMP files which won't even be displayed by the browser anyways and will take lots of space up on the server -it should probably do checks if the gd extension is installed and whether the folder is writable - if both of these fail, fallback to the url system instead I shouldn't ramble on too much about the issues, though |
|
|
This makes even less sense now I turned on error display... require ROOT.'include/attach.inc.php'; $attachlimits = ' '.$lang['attachmaxsize'].' '.getSizeFormatted($SETTINGS['maxattachsize']).'. '.$lang['attachmaxdims'].' '.$SETTINGS['max_image_size'].'.'; |
|
|
Also, this causes a crash too: // Avatar Upload Translation if (!isset($lang['avatar_upload'])) { require_once(ROOT.'include/translation.inc.php'); setNewLangValue('avatar_upload', 'Upload Avatar:'); loadLang($langfile); eval($lang['evaloffset']); } However, the code still works properly with the 'eval' removed from what I can tell |
|
|
Oh I forgot to mention that the actual php error in comment 511 is 'call to undefined function'. You know, right after the line telling the system to require the file that includes that very function. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-05-02 16:24 | flushedpancake | New Issue | |
| 2024-05-02 16:29 | flushedpancake | Note Added: 0000510 | |
| 2024-05-03 12:07 | flushedpancake | Note Added: 0000511 | |
| 2024-05-03 12:08 | flushedpancake | Note Added: 0000512 | |
| 2024-05-03 12:09 | flushedpancake | Note Added: 0000513 |
