Support Forum
Support Forum
Offline
Do you know of any workaround for this?
Thanks.
Offline
Personally no. Mr papa might have an idea - and he will be along at some time - but I somehow doubt it. If getinagesize() is unable to operate it will return a warning or notice.
The simplistic asnwer, of course, is to turn allow_url_fopen on. Is there a good reason for needing it to be off?
 |
YELLOW
SWORDFISH
|
Offline
Yellow Swordfish said
Personally no. Mr papa might have an idea - and he will be along at some time - but I somehow doubt it. If getinagesize() is unable to operate it will return a warning or notice.The simplistic asnwer, of course, is to turn allow_url_fopen on. Is there a good reason for needing it to be off?
Pretty well known security issues. Our NOC has it off on all of the servers. It can be turned on, on a case-by-case basis, but they discourage it, and not for frivolous reasons. The Show Uploads dialogue still operates, it just has the notices in among the stuff you're looking to interact with. It'll confuse a bunch of people unfamiliar with what it means. If I could figure a way to suppress them only in that location, that would be something of a solution.
Offline
I dont there is any reason to use a url wrapper there... seems like in the plugin sp-uploads-viewer-display.php file, at line 41 (where the getimagesize() is called), we should be able to replace $file with $_POST['dir'] and get the same operation...
give it a try if you want...
I will open a ticket for further research and testing...
Visit Cruise Talk Central and Mr Papa's World
Offline
Setting that line to:
$imgInfo = getimagesize(htmlentities($_POST['dir'].$file));
works perfectly. Thank You!
Offline
thanks... still need to check for sanitization and security of that change but should cover you until we can update the plugin...
Visit Cruise Talk Central and Mr Papa's World
All RSS1 Guest(s)