[fixed] Possible Bug: Avatars
h4p3
Tue 5th Jun '01, 6:49am
Hi,
I just enabled the Avatars Option on my board due to many requests. I think I've found a bug:
- The settings for the Avatars are: 50x50 max. size, max. file size 20000 bytes.
- If you upload an Avatar in bmp then you can upload everything you want, a 100x100 Pic, a 2 mb bmp and so on.
If this isn't a bug, please post how I can solve this problem; maybe it is the server's fault?!
Update: I tested it on this server with a 2,3 mb bmp file - it works!
Bug Alert ;)
John
Tue 5th Jun '01, 8:09am
What do you have your maximum avatar file size set to in the control panel?
Can you post details about your server software too please.
John
h4p3
Tue 5th Jun '01, 8:19am
Originally posted by John
What do you have your maximum avatar file size set to in the control panel?
Can you post details about your server software too please.
John
John, I tested it here too and it works; try it yourself. Just upload a one mb Bitmap file.
My Server is Suse 7:
Apache 1.3.14
PHP 4.0.4pl1
MySQL 3.23-30 gamma
- The settings for the Avatars are: 50x50 max. size, max. file size 20000 bytes.
As I said.
Chris Schreiber
Tue 5th Jun '01, 8:21am
This is a problem with RedHat 7... the PHP functions to get an image size do not work due to some bug that is beyond our control.
h4p3
Tue 5th Jun '01, 8:23am
Sorry Chris, I edited from Redhat to Suse, it was my mistake. I mixed it up ;)
John
Tue 5th Jun '01, 8:30am
I've committed a small change to the CVS - I'll test it later.
John
h4p3
Tue 5th Jun '01, 8:31am
Chris Schreiber:
This has nothing to do with the OS.
Tested it on Suse, Redhat and FreeBSD.
Chris Schreiber
Tue 5th Jun '01, 8:38am
Originally posted by h4p3
This has nothing to do with the OS.
Sorry I thought it was related to the RedHat 7 problem, John has fixed this in CVS.
Mike Sullivan
Tue 5th Jun '01, 1:08pm
Originally posted by Chris Schreiber
Sorry I thought it was related to the RedHat 7 problem, John has fixed this in CVS.
Actually there does seem to be an issue with RH7 and getimagesize(), which is what created this issue I believe.
h4p3
Tue 5th Jun '01, 1:14pm
BTW: What is CVS?
Chris Schreiber
Tue 5th Jun '01, 1:44pm
Originally posted by h4p3
BTW: What is CVS?
CVS (Concurrent Versions System) A version control system for UNIX that was initially developed as a series of shell scripts in the mid 1980s. CVS maintains the changes between one source code version and another and stores all the changes in one file. It supports group collaboration by merging the files from each programmer.
h4p3
Tue 5th Jun '01, 1:47pm
Ah, I thought it was something only for the vb developers with the same name ;)
brookelyn
Wed 6th Jun '01, 6:47am
is it possible for me to just turn off allowing bmp images for avatars? i've already turned it off for attachments, but what about avatars?
i have been experiencing this huge avatar phenomenon as reported by my users, but my browser does not display bmps, so the files just never load for me - i'd prefer to just not allow any files other than gif or jpg for avatars - is this possible? what would i need to do to implement it?
h4p3
Wed 6th Jun '01, 8:17am
Originally posted by brookelyn
is it possible for me to just turn off allowing bmp images for avatars? i've already turned it off for attachments, but what about avatars?
i have been experiencing this huge avatar phenomenon as reported by my users, but my browser does not display bmps, so the files just never load for me - i'd prefer to just not allow any files other than gif or jpg for avatars - is this possible? what would i need to do to implement it?
That doesn't have anything to do with Avatars. Attachments /= Avatars ;)
I think the vb developers are working on this bug, stay tuned.
DVD Plaza
Thu 7th Jun '01, 8:08pm
I wasn't aware that any browser supports bitmaps?
qasic
Fri 8th Jun '01, 2:00am
IE does. Even funnier, if you rename a BMP as JPG in IE, IE will still display the image correctly. Weird.
q
Dave#
Mon 11th Jun '01, 9:50am
Grrreat all my users have discovered that they can upload bitmaps of any size as long as it is under 22k- they are having competitions to see how big they can make their Avatars :(
h4p3
Sat 16th Jun '01, 5:14am
Any updates for this bug?
Mas*Mind
Thu 21st Jun '01, 5:25pm
same problem here
Mas*Mind
Thu 21st Jun '01, 7:34pm
Is there any fix for this? More and more users are taking advantage of this now :(
Mike Sullivan
Sat 23rd Jun '01, 12:46am
No need to have a rude display -- look at the subject; we're hardly ignoring it. (That was re: DVD Plaza's huge avatar. I deleted the post)
As a matter of fact, it is fixed in 2.0.2! (it's pretty extensive so it can't be posted though)
h4p3
Sat 23rd Jun '01, 5:59am
Thx for the info, Ed!
DVD Plaza
Sun 24th Jun '01, 7:38pm
I read through the thread, people were mentioning this bug was causing abuse, I saw NO replies here mentioning anything being done about it, I saw a number of requests asking for any kind of confirmation, still nothing, so I tried reproducing the fault.
I disagree that this was "rude", but apologise anyway and won't bother in future.
Over and out.
h4p3
Mon 25th Jun '01, 4:56am
As you can see now, it is already fixed. ;)
brookelyn
Mon 25th Jun '01, 5:11am
the thread is now marked fixed but i haven't seen a fix anywhere or a new version. or a post in this thread.
h4p3
Mon 25th Jun '01, 5:17am
Wait, vb will release a new version (2.0.2) soon.
Daroz
Mon 25th Jun '01, 9:21pm
Outside of "When it's ready" can you guys give a vague timetable of the 2.0.2 release? Within 2 weeks, a month, 2 months? I've been holding back on the 2.0.1 upgrade once I saw all the bugs posted here - not that I'm running into them (except this one) - but don't want to keep checking my templates for changes. ;)
Thanks,
-- Daroz
Mike Sullivan
Sun 1st Jul '01, 1:44am
Could someone who has vB installed on an RH7 server that exhibits the problem where variables would be prepended with some sort of whitespace when a <form> was encoded to multipart/form-data (additionally, see below) email me with FTP login details? I've been thinking and the current fix is kludgy and I think I know how to fix getimagesize() on those servers. However, I don't have access to a server that exhibits that problem.
You can tell if your server has this problem if image dimension checks fail on gifs/jpgs (they should work) and/or the above symptom I mentioned. Although we have workarounds for that, so you wouldn't have any problems that would tell you the problem exists.
Thanks! Right now, this is the only thing that I want to hold back 2.0.2 for. (<unofficial>I'd look for 2.0.2 pretty soon after I get this fixed</unofficial>)
h4p3
Mon 2nd Jul '01, 4:19pm
Ed,
I'm using Suse 7.0; I will PM you with more info on this.
Or did you just want to know if it works on RH servers too?
Mike Sullivan
Tue 3rd Jul '01, 12:56am
The only servers I've found that have the problem are RH7 -- you can test on your own server if you upload a GIF or JPG that is greater than your max avatar dimensions, and it gets let through (getimagesize() failed).
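A fail-closed version of the check discussed in this thread, as an added example that is not vBulletin's code and not part of any post: the hypothetical `validate_avatar()` rejects a file when `getimagesize()` cannot parse it instead of letting it through, and allows only GIF and JPEG by detected type. The 50x50 and 20000-byte limits are the settings quoted earlier in the thread; the sample files are constructed header-only stubs.

```php
<?php
// Added example: hypothetical helper, not vBulletin code.
// Limits mirror the settings quoted in the thread: 50x50 pixels, 20000 bytes.
function validate_avatar(string $path, int $maxW = 50, int $maxH = 50, int $maxBytes = 20000): array
{
    // 1. Byte size is checked for every file, whatever its format.
    $bytes = @filesize($path);
    if ($bytes === false || $bytes > $maxBytes) {
        return [false, 'file too large or unreadable'];
    }
    // 2. Fail closed: if the image header cannot be parsed, reject the upload
    //    instead of skipping the dimension check.
    $info = @getimagesize($path);
    if ($info === false) {
        return [false, 'not a recognised image'];
    }
    // 3. Allowlist formats by detected type, not by file extension.
    if (!in_array($info[2], [IMAGETYPE_GIF, IMAGETYPE_JPEG], true)) {
        return [false, 'format not allowed'];
    }
    // 4. Only now are the parsed dimensions available to compare.
    if ($info[0] > $maxW || $info[1] > $maxH) {
        return [false, "dimensions {$info[0]}x{$info[1]} exceed {$maxW}x{$maxH}"];
    }
    return [true, 'ok'];
}

// Constructed sample inputs: header-only stubs, enough for getimagesize().
$gifHeader = fn(int $w, int $h) => 'GIF89a' . pack('vv', $w, $h) . "\x00\x00\x00";
$bmpHeader = 'BM' . pack('VVV', 30, 0, 54) . pack('VVVvv', 40, 100, 100, 1, 24);
$samples = [
    'small.gif' => $gifHeader(50, 50),
    'large.gif' => $gifHeader(100, 100),
    'large.bmp' => $bmpHeader,
    'junk.bin'  => str_repeat('not an image ', 5),
];
foreach ($samples as $name => $data) {
    $tmp = tempnam(sys_get_temp_dir(), 'avatar');
    file_put_contents($tmp, $data);
    [$ok, $reason] = validate_avatar($tmp);
    printf("%-10s %s (%s)\n", $name, $ok ? 'ACCEPT' : 'REJECT', $reason);
    unlink($tmp);
}
```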
h4p3
Tue 3rd Jul '01, 2:06pm
Hm Ed,
I can upload any Images (BMP etc.) in any sizes, tried it on FreeBSD, Suse and I think this one is Redhat?
Hm, strange.
Steve_S
Tue 3rd Jul '01, 9:49pm
Originally posted by Ed Sullivan
The only servers I've found that have the problem are RH7 -- you can test on your own server if you upload a GIF or JPG that is greater than your max avatar dimensions, and it gets let through (getimagesize() failed).
Yep. You are correct as usual. Just tested on my DI/ IBM eserver which runs a "hardened" version of RH7 and 2.0.1 blocked the upload.
HTH
Deep Blue
Thu 26th Jul '01, 4:25am
Originally posted by DVD Plaza
I wasn't aware that any browser supports bitmaps?
Er... all browsers support bitmaps :P
Daroz
Thu 26th Jul '01, 10:42am
Originally posted by Deep Blue
Er... all browsers support bitmaps :P
Not Netscape on a Unix platform. :(
dwh
Thu 26th Jul '01, 2:37pm
Originally posted by Dave#
Grrreat all my users have discovered that they can upload bitmaps of any size as long as it is under 22k- they are having competitions to see how big they can make their Avatars :(
which is why BUG REPORTS absolutely MUST BE in the new "members area" we've been talking about. There's no reason to allow this out in the open to non-paying members...even more so than the hacking forum.
h4p3
Sun 29th Jul '01, 2:39pm
Btw, is it already fixed? "Somewhat fixed" doesn't look very promising :)
Mike Sullivan
Sun 29th Jul '01, 2:41pm
Originally posted by h4p3
Btw, is it already fixed? "Somewhat fixed" doesn't look very promising :)
Yes, it is now, actually. 2.0.2 will be out tomorrow.
h4p3
Sun 29th Jul '01, 4:39pm
k, thx Ed!