Project

General

Profile

Actions
Copy link

Bug #88424

open

Thumbnails of EPS files are not generated anymore

Added by Sebastian Schmal almost 5 years ago. Updated 9 months ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
Image Generation / GIFBUILDER
Target version:
-
Start date:
2019-05-23
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
8
PHP Version:
7.0
Tags:
ImageMagick
Complexity:
Is Regression:
Sprint Focus:
On Location Sprint

Description

Hi all,
Hi Oliver Hader,

after the Update from TYPO3 8.7.26 and close the Security-Fix for ImageMagick, so open a new Bug with EPS - Files!
After upload a .eps File Error: (Internal Server Error) Hochladen von Datei "test.eps" fehlgeschlagen!

The Upload works perfect, but no ThumbNail for this File.

In TYPO3 8.7.24 works all fine with EPS Files!

Thanks, Sebastian

Actions
Copy link
 #1

Updated by Georg Ringer almost 5 years ago

  • Project changed from TYPO3 Core to 1716
  • Category deleted (Image Generation / GIFBUILDER)
Actions
Copy link
 #2

Updated by Oliver Hader almost 5 years ago

  • Project changed from 1716 to TYPO3 Core
  • Subject changed from [SECURITY] Enclose file type scope when invoking ImageMagick to Thumbnails of EPS files are not generated anymore
Actions
Copy link
 #3

Updated by Oliver Hader almost 5 years ago

  • Category set to Image Generation / GIFBUILDER
Actions
Copy link
 #4

Updated by Oliver Hader almost 5 years ago

Disallowing PostScript files (PS, EPS, ...) was exactly the scope of the security fix in https://review.typo3.org/c/Packages/TYPO3.CMS/+/60700 since PS instructions would be directly executed by the according interpreter (GhostScript) when being invoked through ImageMagick.

The only thing I could think of is to have a possibility to weaken denied file extensions (like EPS) on a particular context and configured explicitly for a particular TYPO3 instance, e.g.

  • allow EPS rendering in backend file list module
  • still deny EPS rendering for file uploads in some frontend contact form

In case there are alternative suggestions please add them to this ticket. Thx

Actions
Copy link
 #5

Updated by Sebastian Schmal almost 5 years ago

Oliver Hader wrote:

Disallowing PostScript files (PS, EPS, ...) was exactly the scope of the security fix in https://review.typo3.org/c/Packages/TYPO3.CMS/+/60700 since PS instructions would be directly executed by the according interpreter (GhostScript) when being invoked through ImageMagick.

The only thing I could think of is to have a possibility to weaken denied file extensions (like EPS) on a particular context and configured explicitly for a particular TYPO3 instance, e.g.

  • allow EPS rendering in backend file list module
  • still deny EPS rendering for file uploads in some frontend contact form

In case there are alternative suggestions please add them to this ticket. Thx

Hi Oliver, thanks for the answer!
And allow only EPS-Files Update without Thumbnail?
The Upload from EPS works fine, but maybe you can disable the Thumbnail-Image for the Error Message.

Thanks, Sebastian

Actions
Copy link
 #6

Updated by Sebastian Schmal about 4 years ago

Hi, we have the same Problem with the new x-eps Files.
In TYPO3 Version 8.x and 9.x
PHP 7.2

the Config dont help:
[GFX][imagefile_ext] = gif,jpg,jpeg,tif,tiff,bmp,pcx,tga,png,pdf,ai,eps,xeps,x-eps

Actions
Copy link
 #7

Updated by Benni Mack 9 months ago

  • Sprint Focus set to On Location Sprint
Actions
Copy link

Also available in: Atom PDF