Announcement

Collapse
No announcement yet.

base64 images issue

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • base64 images issue

    I have one user who keeps breaking any thread he replies too when he tries to use an image.

    Somehow, he ends up getting


    [IMG ]http://domain.com/data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAeAAAAFoCAIAAAAAVb93AAAgAElEQVR4nGS893Mb57m37z/mzJz3nJPEcZFVbVldorpVKHZSFEmJvVcARO/Yxfa+2L7oBAj23ouaJbnGdmwnsR33xJJINfvM 1000MORE LINES OF BASE CODE HERE[/IMG ]

    into the DB like that.

    The only place i know that serves images like that is google. Where is this even coming from? I've attempted to ask the user but he's not savvy and just says he used the attachment manager.


    This is on 3.8.5, and i'm not upgrading. It's only this one user. Could malware on his client machine be doing this?

  • #2
    Brian,

    I would think the use of the attachment manager would prevent that "image" from even uploading. It should cause an error message that says something like, "not a recognized image format." It also would not be in the format of [IMG]http://domain.com/filename.[/IMG], it would have to be in [attach]1234567[/attach].

    If it is posted between [IMG][/IMG] tags, then you could prevent it by censoring the term base64. Adding that to the censored words list will break the image and cause either nothing to appear in some browsers or a red X to appear in others.

    Base64 can be used to obfuscate PHP and is also used by spammers, among other uses. Do you think the user is more savvy than he seems to be?

    Maybe someone smarter has a solution. Sorry.

    Jim
    If my post was helpful to you, please take the time to register at my forum and ask a question you've always wanted to know about floors.
    www.TheFloorPro.com

    Comment

    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
    Working...
    X