floorplanonline  
#1 Posted : Monday, July 1, 2013 3:25:06 AM(UTC)
floorplanonline

Rank: Newbie

Groups: Member
Joined: 11/10/2009(UTC)
Posts: 7

Flash uploader doesn't work if configured to send thumbnails and Suhosin is installed on the server.
Allowing null bytes in the suhosin config doesn't solve the problem. Any suggestions except disabling Suhosin?

The behavior is exactly the same as outlined below:

http://forums.aurigma.co...not-uploaded-in-PHP.aspx
vitaly  
#2 Posted : Monday, July 1, 2013 4:17:40 AM(UTC)
vitaly

Rank: Advanced Member

Groups: Member
Joined: 12/19/2012(UTC)
Posts: 164

Was thanked: 8 time(s) in 8 post(s)
Hello,

Did you try to upload images without using Suhosin? Does the uploader work fine without Suhosin?
Best regards,
Vitaly Kustov
Aurigma Technical Support
floorplanonline  
#3 Posted : Monday, July 1, 2013 6:52:27 AM(UTC)
floorplanonline

Rank: Newbie

Groups: Member
Joined: 11/10/2009(UTC)
Posts: 7

vitaly wrote:
Hello,

Did you try to upload images without using Suhosin? Does the uploader work fine without Suhosin?


Yes, disabling Suhosin makes it possible to upload thumbnails. Is there a better alternative? Disabling Suhosin opens a whole range of security issues and we wouldn't like to do it.
vitaly  
#4 Posted : Monday, July 1, 2013 9:06:41 PM(UTC)
vitaly

Rank: Advanced Member

Groups: Member
Joined: 12/19/2012(UTC)
Posts: 164

Was thanked: 8 time(s) in 8 post(s)
Hi,

I think we should find the reason for the problem if you don't want to disable Suhosin. Could you please create a test page for me, where I can try to use the uploader on your server? Also, I will need to see the server log.
Best regards,
Vitaly Kustov
Aurigma Technical Support
floorplanonline  
#5 Posted : Tuesday, July 2, 2013 12:40:17 AM(UTC)
floorplanonline

Rank: Newbie

Groups: Member
Joined: 11/10/2009(UTC)
Posts: 7

Here is the link to a sample from aurigma.com

http://test.vifp.com/new...hotoUploadDemo/index.php

Please make sure you use Flash uploader because the page auto detects the browser and uses HTML5 uploader for modern browsers.

Not sure how to provide access to the log files. I guess if you tell me your IP address I can filter by IP and send the log to you.
vitaly  
#6 Posted : Tuesday, July 2, 2013 2:03:21 AM(UTC)
vitaly

Rank: Advanced Member

Groups: Member
Joined: 12/19/2012(UTC)
Posts: 164

Was thanked: 8 time(s) in 8 post(s)
floorplanonline,

Unfortunately, I don't have a browser that doesn't support HTML5. Could you please set the ImageUploaderFlash.Type property to "flash|html" so I can test the Flash version of the uploader?
Regarding the logs, you can send them to me at v.kustov@aurigma.com after I try to test the uploader. However, if you can provide me access I would be happy. My IP: 46.50.180.202.

About ImageUploaderFlash.Type: http://www.aurigma.com/d...geUploaderFlash_Type.htm

Please let me know when I can test the uploader.
Best regards,
Vitaly Kustov
Aurigma Technical Support
floorplanonline  
#7 Posted : Wednesday, July 3, 2013 3:58:58 AM(UTC)
floorplanonline

Rank: Newbie

Groups: Member
Joined: 11/10/2009(UTC)
Posts: 7

You can use this link that has only Flash uploader enabled
http://test.vifp.com/upl...hotoUploadDemo/index.php
vitaly  
#8 Posted : Wednesday, July 3, 2013 4:16:41 AM(UTC)
vitaly

Rank: Advanced Member

Groups: Member
Joined: 12/19/2012(UTC)
Posts: 164

Was thanked: 8 time(s) in 8 post(s)
Hi,

Ok, I reproduced the problem.
I need to see the log files of your server.
Best regards,
Vitaly Kustov
Aurigma Technical Support
floorplanonline  
#9 Posted : Monday, July 8, 2013 2:31:13 AM(UTC)
floorplanonline

Rank: Newbie

Groups: Member
Joined: 11/10/2009(UTC)
Posts: 7

Here is what is in our access log file. The error log doesn't seem to have anything regarding this.

Code:
[root@varnish nginx]# cat access.log.1|grep 46.50.180.202
46.50.180.202 - - [02/Jul/2013:03:04:04 -0700] "GET /new_reg_and_order_form/uploader_samples/PHP/Samples_ImageUploaderFlashJavaScript/ImageUploadDemo/ResizedPhotoUploadDemo/index.php HTTP/1.1" 200 2289 "http://forums.aurigma.com/yaf_postst5409.aspx" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [02/Jul/2013:03:04:04 -0700] "GET /new_reg_and_order_form/uploader_samples/PHP/Samples_ImageUploaderFlashJavaScript//Styles/style.css HTTP/1.1" 200 2386 "http://test.vifp.com/new_reg_and_order_form/uploader_samples/PHP/Samples_ImageUploaderFlashJavaScript/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [02/Jul/2013:03:04:04 -0700] "GET /new_reg_and_order_form/uploader_samples/PHP/Samples_ImageUploaderFlashJavaScript//Libraries/jquery/jquery-1.4.3.min.js HTTP/1.1" 200 26730 "http://test.vifp.com/new_reg_and_order_form/uploader_samples/PHP/Samples_ImageUploaderFlashJavaScript/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [02/Jul/2013:03:04:04 -0700] "GET /new_reg_and_order_form/uploader_samples/PHP/Samples_ImageUploaderFlashJavaScript/Scripts/css/aurigma.htmluploader.control.css HTTP/1.1" 200 5600 "http://test.vifp.com/new_reg_and_order_form/uploader_samples/PHP/Samples_ImageUploaderFlashJavaScript/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [02/Jul/2013:03:04:04 -0700] "GET /new_reg_and_order_form/uploader_samples/PHP/Samples_ImageUploaderFlashJavaScript/Scripts/aurigma.imageuploaderflash.min.js HTTP/1.1" 200 11049 "http://test.vifp.com/new_reg_and_order_form/uploader_samples/PHP/Samples_ImageUploaderFlashJavaScript/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [02/Jul/2013:03:04:05 -0700] "GET /new_reg_and_order_form/uploader_samples/PHP/Samples_ImageUploaderFlashJavaScript/Scripts/aurigma.htmluploader.control.js HTTP/1.1" 200 53255 "http://test.vifp.com/new_reg_and_order_form/uploader_samples/PHP/Samples_ImageUploaderFlashJavaScript/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [02/Jul/2013:03:04:05 -0700] "GET /new_reg_and_order_form/uploader_samples/PHP/Samples_ImageUploaderFlashJavaScript//Images/bg.png HTTP/1.1" 200 35938 "http://test.vifp.com/new_reg_and_order_form/uploader_samples/PHP/Samples_ImageUploaderFlashJavaScript/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [02/Jul/2013:03:04:05 -0700] "GET /new_reg_and_order_form/uploader_samples/PHP/Samples_ImageUploaderFlashJavaScript//Images/logo_dark.png HTTP/1.1" 200 4611 "http://test.vifp.com/new_reg_and_order_form/uploader_samples/PHP/Samples_ImageUploaderFlashJavaScript/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [02/Jul/2013:03:04:06 -0700] "GET /new_reg_and_order_form/uploader_samples/PHP/Samples_ImageUploaderFlashJavaScript//Images/sidebar_bg.gif HTTP/1.1" 200 251 "http://test.vifp.com/new_reg_and_order_form/uploader_samples/PHP/Samples_ImageUploaderFlashJavaScript/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [02/Jul/2013:03:04:06 -0700] "GET /favicon.ico HTTP/1.1" 200 5430 "-" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [02/Jul/2013:03:04:18 -0700] "-" 400 0 "-" "-"
46.50.180.202 - - [03/Jul/2013:05:18:49 -0700] "GET /upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/index.php HTTP/1.1" 200 2252 "http://forums.aurigma.com/yaf_postst5409.aspx" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:18:49 -0700] "GET /upload_test/JS//Styles/style.css HTTP/1.1" 200 2386 "http://test.vifp.com/upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:18:49 -0700] "GET /upload_test/JS/Scripts/css/aurigma.htmluploader.control.css HTTP/1.1" 200 5600 "http://test.vifp.com/upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:18:49 -0700] "GET /upload_test/JS/Scripts/aurigma.imageuploaderflash.min.js HTTP/1.1" 200 11056 "http://test.vifp.com/upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:18:49 -0700] "GET /upload_test/JS//Libraries/jquery/jquery-1.4.3.min.js HTTP/1.1" 200 26730 "http://test.vifp.com/upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:18:50 -0700] "GET /upload_test/JS/Scripts/aurigma.htmluploader.control.js HTTP/1.1" 200 53255 "http://test.vifp.com/upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:18:51 -0700] "GET /upload_test/JS//Images/logo_dark.png HTTP/1.1" 200 4611 "http://test.vifp.com/upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:18:51 -0700] "GET /upload_test/JS//Images/bg.png HTTP/1.1" 200 35938 "http://test.vifp.com/upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:18:51 -0700] "GET /upload_test/JS//Images/sidebar_bg.gif HTTP/1.1" 200 251 "http://test.vifp.com/upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:18:55 -0700] "GET /upload_test/JS/Scripts/aurigma.imageuploaderflash.swf HTTP/1.1" 200 580645 "http://test.vifp.com/upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:19:00 -0700] "-" 400 0 "-" "-"
46.50.180.202 - - [03/Jul/2013:05:19:09 -0700] "POST /upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/upload.php HTTP/1.1" 200 21 "http://test.vifp.com/upload_test/JS/Scripts/aurigma.imageuploaderflash.swf" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:19:09 -0700] "GET /upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/gallery.php HTTP/1.1" 200 2096 "http://test.vifp.com/upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/index.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:19:10 -0700] "GET /upload_test/JS/Libraries/fancybox/jquery.fancybox-1.3.1.css HTTP/1.1" 200 1525 "http://test.vifp.com/upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/gallery.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:19:10 -0700] "GET /upload_test/JS/Libraries/fancybox/jquery.fancybox-1.3.1.pack.js HTTP/1.1" 200 5159 "http://test.vifp.com/upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/gallery.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:19:10 -0700] "GET /upload_test/JS/UploadedFiles/Thumbnails/11111.jpg_Thumbnail0.jpg HTTP/1.1" 200 4 "http://test.vifp.com/upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/gallery.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:19:13 -0700] "GET /upload_test/JS/Libraries/fancybox/fancybox-x.png HTTP/1.1" 200 203 "http://test.vifp.com/upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/gallery.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:19:13 -0700] "GET /upload_test/JS/Libraries/fancybox/fancybox.png HTTP/1.1" 200 15287 "http://test.vifp.com/upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/gallery.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:19:13 -0700] "GET /upload_test/JS/Libraries/fancybox/fancybox-y.png HTTP/1.1" 200 176 "http://test.vifp.com/upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/gallery.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:19:13 -0700] "GET /upload_test/JS/Libraries/fancybox/blank.gif HTTP/1.1" 200 43 "http://test.vifp.com/upload_test/JS/ImageUploadDemo/ResizedPhotoUploadDemo/gallery.php" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
46.50.180.202 - - [03/Jul/2013:05:19:30 -0700] "-" 400 0 "-" "-"
vitaly  
#10 Posted : Monday, July 8, 2013 4:10:30 AM(UTC)
vitaly

Rank: Advanced Member

Groups: Member
Joined: 12/19/2012(UTC)
Posts: 164

Was thanked: 8 time(s) in 8 post(s)
Hello,

Thanks for the log information.
Most likely, Suhosin filters the data, or part of the data, in the POST request that contains the files. I think there must be a way to disable the filter only for the uploader and keep it enabled for other senders.
Also, we should make sure that the files are really missing from the POST data. Please check whether $_POST is empty in the upload.php file. For example, like here:
upload.php
Code:

<?php
ob_start();
print_r($_POST);
file_put_contents("file.txt", ob_get_clean());
// .... other code

After this, we can see the POST data in file.txt after an upload.
Best regards,
Vitaly Kustov
Aurigma Technical Support
floorplanonline  
#11 Posted : Tuesday, July 9, 2013 6:41:17 AM(UTC)
floorplanonline

Rank: Newbie

Groups: Member
Joined: 11/10/2009(UTC)
Posts: 7

vitaly  
#12 Posted : Tuesday, July 9, 2013 8:40:07 PM(UTC)
vitaly

Rank: Advanced Member

Groups: Member
Joined: 12/19/2012(UTC)
Posts: 164

Was thanked: 8 time(s) in 8 post(s)
Hi,

Thanks a lot!
As far as I can see, the server really does receive the POST data. However, POST["File0_0"] doesn't contain the file. I think it happens because Suhosin filters the POST variable by max value length.

I tried to google it and found the parameters suhosin.post.max_value_length and suhosin.request.max_value_length (http://www.hardened-php.net/suhosin/configuration.html). The default value for these parameters is 65000. Of course, images are bigger than 65000. Could you try to play with the parameters (increase them)?

I hope this helps.
Best regards,
Vitaly Kustov
Aurigma Technical Support
floorplanonline  
#13 Posted : Friday, July 12, 2013 6:44:49 AM(UTC)
floorplanonline

Rank: Newbie

Groups: Member
Joined: 11/10/2009(UTC)
Posts: 7

It is not a problem with the post.max_value setting. We get the first 4 bytes of the file, so even if there is a limit of 65Kb (in our case it is set to 1Mb) it shouldn't be the cause. The htaccess setting doesn't work either, because it is not possible to turn off Suhosin completely using this approach (only to put it into simulation mode, which doesn't solve the problem).

As far as I can see, the only workaround is to disable Suhosin completely, which is not a solution for any real project. Is there any chance you guys can make it work with Suhosin? For example, by encoding the file using base64 to avoid sending null bytes?
vitaly  
#14 Posted : Monday, July 15, 2013 12:25:57 AM(UTC)
vitaly

Rank: Advanced Member

Groups: Member
Joined: 12/19/2012(UTC)
Posts: 164

Was thanked: 8 time(s) in 8 post(s)
Hello,

Unfortunately, we don't have any specialists who are savvy with Suhosin configuration. I think contacting their tech support might be helpful.
There is an important thing you should know about the difference between the requests. In a standard request, the field containing the uploaded file has this header:
Code:
Content-Disposition: form-data; name="File1_0"; filename="upload1.jpg"

And Image Uploader Flash, when sending thumbnails (when one of your converters has Thumbnail mode), generates the request with this header:
Code:
Content-Disposition: form-data; name="File1_0"; filenam_="upload1.jpg"

The difference is filenam_ instead of filename. With such a header, the request field is recognized as a text field, not as a field with a file.

I hope this makes sense.
If you have any additional questions please feel free to contact me.
Best regards,
Vitaly Kustov
Aurigma Technical Support
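
Added example (not from the thread and not Aurigma's code): a minimal multipart/form-data classifier run over a constructed body that carries the two headers quoted in post #14. It assumes the rule described there (only a part with a filename parameter is treated as a file), so the filenam_ part is reported as an ordinary $_POST variable, where value filters such as suhosin.post.max_value_length apply; BOUNDARY, JPEG_HEAD and the function names are constructed for illustration.

```python
import re

BOUNDARY = b"----constructedBoundary"
# Constructed sample: the first 20 bytes of a JFIF JPEG (SOI, APP0, "JFIF\0", ...).
JPEG_HEAD = bytes.fromhex("ffd8ffe000104a46494600010100000100010000")
# The two Content-Disposition values quoted in post #14.
STANDARD = b'form-data; name="File1_0"; filename="upload1.jpg"'
FLASH_THUMB = b'form-data; name="File1_0"; filenam_="upload1.jpg"'
PARAM_RE = re.compile(rb';\s*([^=;\s]+)="([^"]*)"')


def build_body(parts):
    """Assemble a multipart/form-data body from (disposition, payload) pairs."""
    out = b""
    for disposition, payload in parts:
        out += (b"--" + BOUNDARY + b"\r\nContent-Disposition: " + disposition
                + b"\r\n\r\n" + payload + b"\r\n")
    return out + b"--" + BOUNDARY + b"--\r\n"


def classify(body, boundary=BOUNDARY, max_value_length=65000):
    """Report, per part, whether it is a file upload or an ordinary variable."""
    report = []
    for chunk in body.split(b"--" + boundary)[1:]:
        if chunk.startswith(b"--"):          # closing delimiter
            break
        head, _, data = chunk[2:].partition(b"\r\n\r\n")
        data = data[:-2]                     # drop the CRLF before the next delimiter
        params = {k.decode().lower(): v.decode() for k, v in PARAM_RE.findall(head)}
        is_file = "filename" in params       # only an exact "filename" marks a file part
        report.append({
            "name": params.get("name"),
            "target": "$_FILES" if is_file else "$_POST",
            "size": len(data),
            # Variable filters only matter for parts that land in $_POST.
            "first_nul": None if is_file else data.find(b"\x00"),
            "over_limit": (not is_file) and len(data) > max_value_length,
        })
    return report


if __name__ == "__main__":
    for row in classify(build_body([(STANDARD, JPEG_HEAD), (FLASH_THUMB, JPEG_HEAD)])):
        print(row)
```

For the constructed JFIF header the first NUL byte sits at offset 4, the same length as the 4 bytes reported in post #13; whether Suhosin cuts the value at that point is not confirmed anywhere in the thread.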
webdeveloper1011  
#15 Posted : Monday, May 5, 2014 12:59:56 AM(UTC)
webdeveloper1011

Rank: Newbie

Groups: Member
Joined: 4/21/2014(UTC)
Posts: 1

Hi,

I have the same problem: thumbnails with Flash are not working. Did you guys find any solution to this problem?
Andrew  
#16 Posted : Friday, September 12, 2014 7:08:29 AM(UTC)
Andrew

Rank: Advanced Member

Groups: Member, Administration
Joined: 8/2/2003(UTC)
Posts: 870

Thanks: 2 times
Was thanked: 26 time(s) in 26 post(s)
Yes, please check out the reply #4 here: http://forums.aurigma.co...h-uploads-corrupted.aspx