Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+1 vote
631 views
in Q2A Core by
edited by

If users choose really big avatar files, this can lead to a crash of Q&A without any error message --> just a white screen.

The reason is the php function "$inimage=@imagecreatefromstring($imagedata);" used in qa-util-imgage.php.

The image is uncompressed converted in a variable to be stored in the database.
If the image size is bigger than the php memory limit (memory_limit) this leads to a memory overflow - and a white, blank screen for the user :(

[ x_size * y_size * bpp > memory_limit ]

To avoid this a modification in qa-page-account.php to check  the uncompressed (!) picture size of the uploaded avatar pic can help:

original:

if (is_array(@$_FILES['file']) && $_FILES['file']['size'])
  if (!qa_set_user_avatar($qa_login_userid, file_get_contents( _
                  $_FILES['file']['tmp_name']), $useraccount['avatarblobid']))
    $errors['avatar']=qa_lang_sub('users/avatar_not_read', implode( _
                   ', ', qa_gd_image_formats()));

 

modification:

if (is_array(@$_FILES['file']) && $_FILES['file']['size']){
  //check image-size to prevent memory overrun
  $t_imgsize=getimagesize($_FILES['file']['tmp_name']);
  //
uncompressed image larger than standard php memory_limit 128M
  if (($t_imgsize[0] * $t_imgsize[1] * $t_imgsize['bits'] * $t_imgsize['channels'] / 8) _
     > 100000000){
    $errors['avatar']='image too big, please choose a smaller...';
  }else{
    if (!qa_set_user_avatar($qa_login_userid, file_get_contents( _
                   $_FILES['file']['tmp_name']), $useraccount['avatarblobid']))
      $errors['avatar']=qa_lang_sub('users/avatar_not_read', implode( _
                     ', ', qa_gd_image_formats()));
  }
}

You'll have to adjust the memory-limit to your individual setting of memory_limit in your php.ini !  Best way of cause is to retrieve the memory_limit online like described here: http://php.net/manual/en/function.ini-get.php

!  attention: there are three line breaks due to the editor in the code which must be deleted again:
     they are marked with the descender symbol  " _ "

 

1 Answer

+1 vote
by
 
Best answer

Thanks for posting this - it's a good idea. I'll redo the same idea as a library function in qa-util-image.php and make sure it's checked everywhere appropriate.

...