Imageproxy breaks SVG image links


Makoto

Go to solution Solved by bfarber,


Demonstration:

badge.svg

Original link:

http://slack.taiga.sh/badge.svg

 

The reason this fails is because \IPS\Image cannot validate SVG images. The current method you are using attempts to validate images using hex signatures,

		$signatures = array(
			'gif'	=> array(
				'47' . '49' . '46' . '38' . '37' . '61',
				'47' . '49' . '46' . '38' . '39' . '61'
			),
			'jpeg'	=> array(
				'ff' . 'd8' . 'ff'
			),
			'png'	=> array(
				'89' . '50' . '4e' . '47' . '0d' . '0a' . '1a' . '0a'
			)
		);	

However, considering SVG is just XML and, as far as I can tell, really has no solid standard you can reference for validation, I'm not sure how you'd prefer to handle this.

But basically, to reproduce, just link an SVG image (feel free to use mine above) in a post and submit it with image proxy enabled.

The image link will first throw a 502 error in imageproxy.php at line 80, then 404s after that since it's still stored in the core_image_proxy table with NULL as its location (and thus, the images remain broken on sites with Imageproxy enabled).


  • 10 months later...

Bumping as this issue can still arise. See the badges here as an example:

GitHub GitHub tag (latest by date) GitHub issues GitHub last commit

In this case the issue is that GitHub badges do not have file extensions, so you'll have to check the mimetype instead of just relying on the file extension to prevent these from being parsed.

Edited by Makoto

Also, the way you're currently handling URLs to parse extensions does not account for query strings. E.g.,

ips-dev-helper.svg?label=release

Does not work. But,

ips-dev-helper.svg

Does.

If you're just checking for SVG, you should be only grabbing the first three characters after the ., not everything. But really, just checking the headers/mimetype is overall a better and more reliable solution. Image links do not always have valid extensions (and they're not required to, they only need valid mimetypes).

Edited by Makoto
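
The checks suggested across the posts above, combined in one sketch. This is an added example that is not part of the original thread and is not Invision Community code. It takes the extension from the URL path only, and detects SVG from the `Content-Type` header plus the XML root element, since SVG has no magic bytes. The function names, the constant and the sample URL and bodies are hypothetical or constructed.

```php
<?php
// Added example, not Invision Community code; all names below are hypothetical.
const RASTER_SIGNATURES = [ // same magic bytes as the array quoted in the first post
    'gif'  => ['474946383761', '474946383961'],
    'jpeg' => ['ffd8ff'],
    'png'  => ['89504e470d0a1a0a'],
];

/** Extension taken from the URL path only, so a query string cannot distort it. */
function urlExtension(string $url): string
{
    $path = (string) parse_url($url, PHP_URL_PATH);
    return strtolower(pathinfo($path, PATHINFO_EXTENSION));
}

/** True when the body is well-formed XML whose root is <svg> in the SVG namespace. */
function looksLikeSvg(string $body): bool
{
    $previous = libxml_use_internal_errors(true); // keep parse warnings out of the output
    // LIBXML_NONET: no network fetches while parsing untrusted XML.
    // LIBXML_NOENT is deliberately not set, so entities are not substituted.
    $xml = simplexml_load_string($body, 'SimpleXMLElement', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $xml !== false
        && $xml->getName() === 'svg'
        && in_array('http://www.w3.org/2000/svg', $xml->getNamespaces(), true);
}

/** Returns 'gif', 'jpeg', 'png', 'svg' or null; $contentType is the upstream header. */
function detectImageType(string $body, ?string $contentType): ?string
{
    $head = bin2hex(substr($body, 0, 8));
    foreach (RASTER_SIGNATURES as $type => $signatures) {
        foreach ($signatures as $signature) {
            if (strncmp($head, $signature, strlen($signature)) === 0) {
                return $type;
            }
        }
    }
    // SVG has no magic bytes: require the declared MIME type and a real <svg> root.
    $mime = strtolower(trim(explode(';', (string) $contentType)[0]));
    return ($mime === 'image/svg+xml' && looksLikeSvg($body)) ? 'svg' : null;
}

// Constructed sample input: a badge-style URL and a minimal SVG body.
$url  = 'https://img.example/ips-dev-helper.svg?label=release';
$body = '<svg xmlns="http://www.w3.org/2000/svg" width="90" height="20"/>';
var_dump(urlExtension($url), detectImageType($body, 'image/svg+xml;charset=utf-8'));
var_dump(detectImageType('<html/>', 'image/svg+xml'), detectImageType("\x89PNG\r\n\x1a\n", null));
```

SVG can embed script that runs if the proxied URL is opened directly as a document, so a proxy that accepts it would typically also send a restrictive `Content-Security-Policy` header on that response.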