Bug #88424
openThumbnails of EPS files are not generated anymore
0%
Description
Hi all,
Hi Oliver Hader,
after the Update from TYPO3 8.7.26 and close the Security-Fix for ImageMagick, so open a new Bug with EPS - Files!
After upload a .eps File Error: (Internal Server Error) Hochladen von Datei "test.eps" fehlgeschlagen!
The Upload works perfect, but no ThumbNail for this File.
In TYPO3 8.7.24 works all fine with EPS Files!
Thanks, Sebastian
Updated by Georg Ringer over 5 years ago
- Project changed from TYPO3 Core to 1716
- Category deleted (
Image Generation / GIFBUILDER)
Updated by Oliver Hader over 5 years ago
- Project changed from 1716 to TYPO3 Core
- Subject changed from [SECURITY] Enclose file type scope when invoking ImageMagick to Thumbnails of EPS files are not generated anymore
Updated by Oliver Hader over 5 years ago
- Category set to Image Generation / GIFBUILDER
Updated by Oliver Hader over 5 years ago
Disallowing PostScript files (PS, EPS, ...) was exactly the scope of the security fix in https://review.typo3.org/c/Packages/TYPO3.CMS/+/60700 since PS instructions would be directly executed by the according interpreter (GhostScript) when being invoked through ImageMagick.
The only thing I could think of is to have a possibility to weaken denied file extensions (like EPS) on a particular context and configured explicitly for a particular TYPO3 instance, e.g.
- allow EPS rendering in backend file list module
- still deny EPS rendering for file uploads in some frontend contact form
In case there are alternative suggestions please add them to this ticket. Thx
Updated by Sebastian Schmal over 5 years ago
Oliver Hader wrote:
Disallowing PostScript files (PS, EPS, ...) was exactly the scope of the security fix in https://review.typo3.org/c/Packages/TYPO3.CMS/+/60700 since PS instructions would be directly executed by the according interpreter (GhostScript) when being invoked through ImageMagick.
The only thing I could think of is to have a possibility to weaken denied file extensions (like EPS) on a particular context and configured explicitly for a particular TYPO3 instance, e.g.
- allow EPS rendering in backend file list module
- still deny EPS rendering for file uploads in some frontend contact form
In case there are alternative suggestions please add them to this ticket. Thx
Hi Oliver, thanks for the answer!
And allow only EPS-Files Update without Thumbnail?
The Upload from EPS works fine, but maybe you can disable the Thumbnail-Image for the Error Message.
Thanks, Sebastian
Updated by Sebastian Schmal over 4 years ago
Hi, we have the same Problem with the new x-eps Files.
In TYPO3 Version 8.x and 9.x
PHP 7.2
the Config dont help:
[GFX][imagefile_ext] = gif,jpg,jpeg,tif,tiff,bmp,pcx,tga,png,pdf,ai,eps,xeps,x-eps