Bug #88424

Thumbnails of EPS files are not generated anymore

Added by Sebastian Schmal over 2 years ago. Updated almost 2 years ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
Image Generation / GIFBUILDER
Target version:
-
Start date:
2019-05-23
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
8
PHP Version:
7.0
Tags:
ImageMagick
Complexity:
Is Regression:
Sprint Focus:

Description

Hi all,
Hi Oliver Hader,

after the Update from TYPO3 8.7.26 and close the Security-Fix for ImageMagick, so open a new Bug with EPS - Files!
After upload a .eps File Error: (Internal Server Error) Hochladen von Datei "test.eps" fehlgeschlagen!

The Upload works perfect, but no ThumbNail for this File.

In TYPO3 8.7.24 works all fine with EPS Files!

Thanks, Sebastian

#1

Updated by Georg Ringer over 2 years ago

  • Project changed from TYPO3 Core to 1716
  • Category deleted (Image Generation / GIFBUILDER)
#2

Updated by Oliver Hader over 2 years ago

  • Project changed from 1716 to TYPO3 Core
  • Subject changed from [SECURITY] Enclose file type scope when invoking ImageMagick to Thumbnails of EPS files are not generated anymore
#3

Updated by Oliver Hader over 2 years ago

  • Category set to Image Generation / GIFBUILDER
#4

Updated by Oliver Hader over 2 years ago

Disallowing PostScript files (PS, EPS, ...) was exactly the scope of the security fix in https://review.typo3.org/c/Packages/TYPO3.CMS/+/60700 since PS instructions would be directly executed by the according interpreter (GhostScript) when being invoked through ImageMagick.

The only thing I could think of is to have a possibility to weaken denied file extensions (like EPS) on a particular context and configured explicitly for a particular TYPO3 instance, e.g.

  • allow EPS rendering in backend file list module
  • still deny EPS rendering for file uploads in some frontend contact form

In case there are alternative suggestions please add them to this ticket. Thx

#5

Updated by Sebastian Schmal over 2 years ago

Oliver Hader wrote:

Disallowing PostScript files (PS, EPS, ...) was exactly the scope of the security fix in https://review.typo3.org/c/Packages/TYPO3.CMS/+/60700 since PS instructions would be directly executed by the according interpreter (GhostScript) when being invoked through ImageMagick.

The only thing I could think of is to have a possibility to weaken denied file extensions (like EPS) on a particular context and configured explicitly for a particular TYPO3 instance, e.g.

  • allow EPS rendering in backend file list module
  • still deny EPS rendering for file uploads in some frontend contact form

In case there are alternative suggestions please add them to this ticket. Thx

Hi Oliver, thanks for the answer!
And allow only EPS-Files Update without Thumbnail?
The Upload from EPS works fine, but maybe you can disable the Thumbnail-Image for the Error Message.

Thanks, Sebastian

#6

Updated by Sebastian Schmal almost 2 years ago

Hi, we have the same Problem with the new x-eps Files.
In TYPO3 Version 8.x and 9.x
PHP 7.2

the Config dont help:
[GFX][imagefile_ext] = gif,jpg,jpeg,tif,tiff,bmp,pcx,tga,png,pdf,ai,eps,xeps,x-eps

Also available in: Atom PDF