Hello everyone,
I've run into an issue with the way ProcessWire renames resized files in our company host provider.
Basically, this pattern: myfile.0x120.png, conflicts with their security policy which they tag with the following classification:
[severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"]
So, somehow, when requesting a file with the pattern above, the server mistakes it for a malicious request and throws a 403 Forbidden Access.
The quickest solution I've found for this was to dive into the Pageimage::size method and replace the characters used in the resized file name.
Instead of using double periods in the file name, I've replaced everything with the '-' (hyphen) character and it now looks like this: myfile-0-120.png.
$basename .= '-' . $width . '-' . $height . "." . $this->ext(); // i.e. myfile-100-100.jpg
It's not the prettiest pattern and I liked the older one better, but that's secondary. The main issue here is that this change is basically a hack and feels dirty changing core methods, but it was the quickest solution I've thought of.
What are your feelings on this?