Contrib.social

Users are able to upload 0-byte images

Open on Drupal.org β†’
Created on 26 September 2014, about 10 years ago
Updated 5 December 2023, about 1 year ago

Problem/Motivation

We recently found a user had uploaded a 0-byte JPG file, which was considered valid because it had the correct file extension. However, thumbnails could not be generated, so even on the file upload widget a broken image was shown. Viewing the URL for the thumbnail shows the message "Error generating image."

I feel this is an error that should be caught during file upload and field validation. image_get_info returns FALSE for 0-byte files and files that can't be parsed. We should check the value of this function and if it returns FALSE, return a field validation error and remove the uploaded file.

Steps to reproduce

Upload an image file of zero bytes or an invalid image file, a text file renamed with an image extension.

Proposed resolution

Validate that the file is an image.

After screenshots
File of 0 bytes, image-empty.png

Text file rename to a .png file, image-wrong.png

Remaining tasks

Review
Commit

User interface changes

Error message when uploading an invalid image

πŸ› Bug report
Status

Fixed

Version

7.0 ⚰️

Component
Image systemΒ  β†’

Last updated 1 day ago

Created by

πŸ‡ΊπŸ‡ΈUnited States thirdender

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024