Geeklog Forums

Dear "Headless", please learn to read or simply refuse to comment any further ... To quote myself from above:
And, again, the quote from Blaine was about something else - but I already wrote that above, too.

bye, Dirk

Shall this go on and on until I am proved liar

To quote from Blaine from the same post :
There is for example an exploit where a user may upload HTML code that is embedded in a image file and could execute a cross site script.
An user named Lopez asked ( to which there was no reply )
Thanks Blaine. Actually core GL does NOT always filter this out, for example
the profile page allows user photo upload. By the same logic as yours an user
may use this for exploit !!
Thus it is not quite logical to me as to what you say. BTW how does gallery
scripts handle the security issue then ??

That keeps you wondering : what ! HTML code embedded in an image file ! and how it can be embedded in an image attached with a story and not with a profile 8)

This is yet another issue (and one that I was already hinting at with the "There is no security issue here (at least not more than with the upload of userphotos)" remark above.

You can embed PHP in images. If you then somehow manage to run those images through the PHP interpreter, you have a security issue. But that requires another vulnerability in the software - so as long as you don't have that, PHP in image files is not an issue (I don't think there's a problem with embedded HTML - but I've learned never to say "never" when it comes to security issues ...).

I would be more worried about denial of service-type issues with the image upload in stories (as opposed to the userphoto, of which there is only one and it requires an account). Or someone uploading porn or copyrighted stuff ...

Are we done now or do you have any other quotes that you want to blow completely out of proportion?

bye, Dirk

Headless, your latest posts were rejected as spam due to the use of the word "porno". I have removed that word from our blacklist now. Sorry about that.

I'm reproducing your first rejected post below:

I meant allowing users **with account** but not giving them any special rights to
attach at least one image with story submission. Copyright icons or porno miniatures or code or whatever can still be uploaded via user photo if someone wants so acc to you, since it is after all an image !! Thus the search for logic in what GL does w.r.t is still on !

I do not think I have blown anything **out of proportion ** and to the core-member who made a post mimicking my name and to others, just to remind that this is a **feedback** forum.

Whether we are done or not is absolutley the decision of respectable core and registered members.
So cheers and enjoy your sunday 8)

I don't get it. Everything has already been explained to you above - repeatedly and in painstaking detail. And you're wondering why people don't take you seriously or consider you a troll?

bye, Dirk