Difficulties Posting Images

[Airling]

For the last month or two, I've become unable to post images like I used to. Before, if I wanted to post an image off my hard-drive, I would find it in explorer, drag it to the new post box and post it. Recently, everything works well and normal up to the posting bit upon which it fails and does this ▼

Spoiler

<br />
<img src="http://thelifestream.net/forums/data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAoACgAAD/7SvIUGhvdG9zaG9wIDMuMAA4QklNBAQAAAAAAAccAgAAAgACADhCSU0EJQAAAAAAEEYM8okmuFbasJw
BobCnkHc4QklNA+0AAAAAABAAoAAAAAEAAgCgAAAAAQACOEJJTQQmAAAAAAAOAAAAAAAAAAAAAD+AA
AA4QklNBA0AAAAAAAQAAAB4OEJJTQQZAAAAAAAEAAAAHjhCSU0D8wAAAAAACQAAAAAAAAAAAQA4QklN
BAoAAAAAAAEAADhCSU0nEAAAAAAACgABAAAAAAAAAAI4QklNA/UAAAAAAEgAL2ZmAAEAbGZmAAYAAAA
AAAEAL2ZmAAEAoZmaAAYAAAAAAAEAMgAAAAEAWgAAAAYAAAAAAAEANQAAAAEALQAAAAYAAAAAAAE
4QklNA/gAAAAAAHAAAP////////////////////////////8D6AAAAAD/////////////////////////////A+gAAAAA/////////////////////////////wPoAAAAAP////////////////////////////8D6AAAOEJJTQQIAAAAAAAQAAAAAQAAAkAAAAJAAAAAADhCSU0EHgAAAAAABA
AAAAA4QklNBBoAAAAAAzsAAAAGAAAAAAAAAAAAAAI+AAACxgAAAAMANwAwADcAAAABAAAAAAAAAAAAA
AAAAAAAAAAAAAEAAAAAAAAAAAAAAsYAAAI+AAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAA
AAAAAEAAAAAEAAAAAAABudWxsAAAAAgAAAAZib3VuZHNPYmpjAAAAAQAAAAAAAFJjdDEAAAAEAAAAAFRvc
CBsb25nAAAAAAAAAABMZWZ0bG9uZwAAAAAAAAAAQnRvbWxvbmcAAAI+AAAAAFJnaHRsb25nAAACxgAAAA
ZzbGljZXNWbExzAAAAAU9iamMAAAABAAAAAAAFc2xpY2UAAAASAAAAB3NsaWNlSURsb25nAAAAAAAAAAdnc
m91cElEbG9uZwAAAAAAAAAGb3JpZ2luZW51bQAAAAxFU2xpY2VPcmlnaW4AAAANYXV0b0dlbmVyYXRlZAAAA
ABUeXBlZW51bQAAAApFU2xpY2VUeXBlAAAAAEltZyAAAAAGYm91bmRzT2JqYwAAAAEAAAAAAABSY3QxAAAA
BAAAAABUb3AgbG9uZwAAAAAAAAAATGVmdGxvbmcAAAAAAAAAAEJ0b21sb25nAAACPgAAAABSZ2h0bG9uZ
wAAAsYAAAADdXJsVEVYVAAAAAEAAAAAAABudWxsVEVYVAAAAAEAAAAAAABNc2dlVEVYVAAAAAEAAAAAA
AZhbHRUYWdURVhUAAAAAQAAAAAADmNlbGxUZXh0SXNIVE1MYm9vbAEAAAAIY2VsbFRleHRURVhUAAAAAQ
AAAAAACWhvcnpBbGlnbmVudW0AAAAPRVNsaWNlSG9yekFsaWduAAAAB2RlZmF1bHQAAAAJdmVydEFsaWdu
ZW51bQAAAA9FU2xpY2VWZXJ0QWxpZ24AAAAHZGVmYXVsdAAAAAtiZ0NvbG9yVHlwZWVudW0AAAARRVNsa
WNlQkdDb2xvclR5cGUAAAAATm9uZQAAAAl0b3BPdXRzZXRsb25nAAAAAAAAAApsZWZ0T3V0c2V0bG9uZwAA
AAAAAAAMYm90dG9tT3V0c2V0bG9uZwAAAAAAAAALcmlnaHRPdXRzZXRsb25nAAAAAAA4QklNBCgAAAAAAAw
AAAABP/AAAAAAAAA4QklNBBQAAAAAAAQAAABAOEJJTQQMAAAAACYJAAAAAQAAAKAAAACBAAAB4AAA8eAAA
CXtABgAAf/Y/+AAEEpGSUYAAQIAAEgASAAA/+0ADEFkb2JlX0NNAAH/7gAOQWRvYmUAZIAAAAAB

I have shortened it, because the accompanying error message is that the post is too long. This isn't the worst thing in the world or urgent really, but I just find it odd.

 

[Fangu]

Haha, I didn't even know you could do that! Did it post as a regular image when it worked, and not an attachment?

And yeah, it seems borked. I thought it might have been related to the "a/A" on the top right corner, but that doesn't seem to matter. Probably a change in the new(er) vB version. (Basically it fails to convert the image data to whatever vB/browser is expecting.)

 

[Lex]

I've edited your post with a spoiler tag, because for some reason that post was page destroying XD

Anyway if I had to guess, it seems like the software is simply giving your image a super long url, and I'm not sure what can be done to prevent that. I didn't even know you could do what you're talking about, in general I upload images to my photobucket account before sharing them here.

EDIT: I've just tried to do what you're describing and it definitely doesn't work for me. It just opens the image in chrome and the address bar reveals the location on my PC. What browser are you using?

 

[Fangu]

^ Re: url, that url is Data URI scheme.

In browsers that fully support Data URIs for "navigation", JavaScript-generated content can be provided as file "download" to the user, simply by setting window.location.href to a Data URI. One example is the conversion of HTML tables to downloadable CSV using a Data URI like this: 'data:text/csv;charset=UTF-8,' + encodeURIComponent(csv), where "csv" has been generated by JavaScript.

= image data is supposed to be passed from browser to the TLS server, and somewhere along the way it fails. Could be server related (access rights*, PHP in vB, vB JS) which I'd guess, as this is a pretty standard thing = I don't think it's a browser bug.

* This would be my first guess

 

[Airling]

@Fangu - When it worked, it worked beautifully. I think this post was the last time it worked. TBH, before I tried it I didn't think it would work either.

@Lex - Thanks. I'm using Firefox atm.

 

[Mage]

Well I'm bummed out for not even knowing this was a thing. Fangu, can you make a tutorial pl0x? Pretty pl0x?

 

[Fangu]

If Yop can get it working again, sure

 

[Telcontar]

How do you guys do this?!

 

[Cthulhu]

I'm pretty sure it's not working because either:

* vB breaks up the data part into chunks, due to long lines. However, the parser shouldn't linebreak BBcodez.
* They disabled this option because of a possible attack vector, but I can't think of any

Also I too never knew this was a thing, . I've had a google around, couldn't even find a description of that feature anywhere :/.

 

[Airling]

We don't. Not anymore.

 

[Cthulhu]

. Anyway, IDK why it broke, I didn't even know it existed :/. Not something I broke on purpose anyway. *shuns responsibility*

 

[Lex]

We don't

I think Airling is the only one that has managed it in the history of... ever.

 

[Airling]

That's right. Don't mess with me.

 

[Cthulhu]

ALL HAIL _0_

 

[Fangu]

I think I might have found something - might be a security update in vB 3.8.8 (or, any version between that and the one we had):

We cannot control how a browser pastes the data. Since the browser is sending a base 64 encoded image, it won't pass though as a real image, for security reasons in vBulletn/CKEditor

vB might have allowed base 64 pasting before, but not now. Sauce

 

[Airling]

Ah! Thanks Fangu. An answer to the mystery!

 

[Fangu]

...hm, now that I think of it - if this really is vB shutting for that function, they would at least have given a message like 'bad file format' upon trying.

Imma keep looking. Interesting topic, this.

Edit: Awrite, fascinating stuff!

It appears both Chrome and Firefox encodes the image to base64 properly. My avatar, for instance, is data:image/gif;base64,iVBORw0KGgoAAAANSUhEUg...... etc, veeery long string. I found out it's right because I checked with this site: http://webcodertools.com/imagetobase64converter and the base64 produced by uploading my avatar is the same Chrome/Firefox produced, and when I put the string into a local html file of type <img src="data:image/gif;base64,iVBORw0KGgoAAAANSU... etc " /> etc, the image is output correctly.

So it must be the server going NOPE at some point. Since vB isn't giving a proper error message, I'm inclined to believe it's PHP/Apache etc (and not vB) doing the NOPEing. Reason for NOPEing being it's easy to sneak in viruses through base64.

So I think it's right to turn off this function completely (if possible) in vB - it shouldn't be used for security reasons, so the function not working is a good conclusion.

 

[Lex]

Ooooo awesome, now we actually know what was going on. It didn't work at all for me though - possibly I was trying to use images that were too large or something.

 

[Cthulhu]

I... dunno, it's quite possible it was disabled / b0rken in a vB version after the one we had before, probably in the advanced editor (CKEditor?) or something. Are older posts with the embedded images still working?

 

[Fangu]

afaik, when the thing works, the pictures are stored into the DB as blobs or whatnot. So pictures already inserted will still be there. It's the uploading/ insert thing that's bork. I think it stopped working for Airling when you upgraded All The Things

 

[Cthulhu]

Well, didn't do it on purpose and I don't know where / what exactly, . Could be it works again if/when we upgrade to VB 5, a proper drag & drop image thing shouldn't be that farfetched a feature.

 

[Fangu]

Except for what that link said about compromising the server through base64.

...nevermind. X)

 

[Telcontar]

How the hell do you run codes on the server, if the blobs are always being read/opened as images?

 

[The Twilight Mexican]

Yeah, this is clearly something that shouldn't be a thing.

Anyway, there's imgur for all your imaging needs.

 

[Cthulhu]

I may need a diagram or something then, . All I'm reading in that link is that vB or other software can't treat it like an image, so I guess it can't run some security checks or transformations on it?