Contrib.social

Users are able to upload 0-byte images

Open on Drupal.org β†’
Created on 26 September 2014, over 10 years ago
Updated 5 December 2023, about 1 year ago

Problem/Motivation

We recently found a user had uploaded a 0-byte JPG file, which was considered valid because it had the correct file extension. However, thumbnails could not be generated, so even on the file upload widget a broken image was shown. Viewing the URL for the thumbnail shows the message "Error generating image."

I feel this is an error that should be caught during file upload and field validation. image_get_info returns FALSE for 0-byte files and files that can't be parsed. We should check the value of this function and if it returns FALSE, return a field validation error and remove the uploaded file.

Steps to reproduce

Upload an image file of zero bytes or an invalid image file, a text file renamed with an image extension.

Proposed resolution

Validate that the file is an image.

After screenshots
File of 0 bytes, image-empty.png

Text file rename to a .png file, image-wrong.png

Remaining tasks

Review
Commit

User interface changes

Error message when uploading an invalid image

πŸ› Bug report
Status

Fixed

Version

7.0 ⚰️

Component
Image systemΒ  β†’

Last updated about 18 hours ago

Created by

πŸ‡ΊπŸ‡ΈUnited States thirdender

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024