"Supported file types are JPG, PNG and GIF" when uploading jpg, png or gif

[porteros13]

I've seen there's a similar Issue but with WebM, but I don't know if the solution is different in this case...

When i try to upload an image (I tried with many different images in jpg, png or gif) I get this error "Supported file types are JPG, PNG and GIF"...

Any ideas?

[Wqer555]

Do you have webm uploading enabled in the settings? Here's two bits of code you can use to debug.

https://github.com/tslocum/TinyIB/blob/master/settings.default.php#L35

TinyIB/inc/html.php

Line 49 in b2c0b69

function supportedFileTypes() {

Under the post form there should be a list of allowed file types. Is webm one of them?

[porteros13]

Hi again and thanks for the reply!

I'm not an expert in php as you can see hehe. But yeah, I've checked the settings.php lots of times and everything is written like the code you sent me. I've been making sure the WebM option is not enabled (in fact I don't want to upload WebM). Just jpg, png and gif.

I've investigating but at the moment I didn't find a solution :(

[tslocum]

After this line:

TinyIB/imgboard.php

Line 162 in b2c0b69

$file_mime_split = explode(' ', trim(@shell_exec('file --mime-type ' . $_FILES['file']['tmp_name'])));

Add: echo shell_exec('file --mime-type ' . $_FILES['file']['tmp_name']);die(); and try uploading an image. Please paste the output here.

[porteros13]

Sorry for the late reply.
Here it is what I get when added what the line u told me in imgboard.php and uploaded image later:

Warning: shell_exec() has been disabled for security reasons in /usr/home/dlastframe.com/web/boards/imgboard.php on line 163

What does it mean?

Thanks

[Wqer555]

Your installation of PHP is disabling the shell_exec function. Under some circumstances, it can lead to a remote code execution vulnerability, especially if unfiltered user input is passed into it.

Try this: echo mime_content_type($_FILES['file']['tmp_name']); die();

[porteros13]

Hi Wquer555, this is what I get:

image/jpeg

[Wqer555]

That looks correct.

Try replacing
$file_mime = $file_info['mime'];
with
$file_mime = mime_content_type($file_location);

[porteros13]

It says again "Supported file types are JPG, PNG and GIF". Is it normal?

[Wqer555]

That's odd.
Right above

if (empty($file_mime) || !isset($tinyib_uploads[$file_mime])) {
  fancyDie(supportedFileTypes());
}

Do

var_dump($file_mime);
var_dump($tinyib_uploads[$file_mime]);
die;

Alternatively you can try replacing
!isset($tinyib_uploads[$file_mime])
with
!in_array($file_mime, $tinyib_uploads)

[porteros13]

With the first option:
string(0) "" Notice: Undefined index: in /usr/home/dlastframe.com/web/boards/imgboard.php on line 175 NULL

And the second one:
"Supported file types are JPG, PNG and GIF"

[porteros13]

I've been investigating and maybe the problem "shell_exec() has been disabled for security reasons" could be with Safe Mode wich surely is in mode on.
I'm contacting with the hosting provider, lets see what do they say coz i don't find any safe mode setting...

I´m witing back when i get a response. Thanks a lot guys for your fast replies.

[Wqer555]

$file_mime may be getting changed. Try putting $file_mime = mime_content_type($file_location); right above the if statement.

[porteros13]

Again:

"Supported file types are JPG, PNG and GIF"

[Wqer555]

The problem is that the expression empty($file_mime) || !isset($tinyib_uploads[$file_mime]) is returning true. Break it down and trace each part as far back as necessary. Use var_dump and die.

[porteros13]

I wrote this, I don't know if is what u said:

if (empty($file_mime)) {
	fancyDie(supportedFileTypes());
	var_dump($file_mime);
	var_dump($tinyib_uploads[$file_mime]);
	die;
}
			
if (!isset($tinyib_uploads[$file_mime])) {
	fancyDie(supportedFileTypes());
	var_dump($file_mime);
	var_dump($tinyib_uploads[$file_mime]);
	die;
}

And I get "Supported file types are JPG, PNG and GIF"

[Wqer555]

fancyDie will print the error message and terminate the script, so you will never run the code following. Try this:

if (empty($file_mime)) {
    echo '$file_mime is empty<br>';
    var_dump($file_mime);
}

if (!isset($tinyib_uploads[$file_mime])) {
    echo '$tinyib_uploads[$file_mime] is not set<br>';
    var_dump($tinyib_uploads[$file_mime]);
}
die;

[porteros13]

Here it is what I got

$file_mime is empty
string(0) "" $tinyib_uploads[$file_mime] is not set
Notice: Undefined index: in /usr/home/dlastframe.com/web/boards/imgboard.php on line 181 NULL

[Wqer555]

If $file_mine is empty then we have to fill it. Search for it and look at the code that modifies it. Otherwise, use $file_mime = mime_content_type($file_location); again.

[SLNETAIGA]

To fix it's:

1. Go to 'imgboard.php'
2. Replace all '$file_mime = $file_info['mime'];' with '$file_mime = mime_content_type($file_location);' maybe on few lines.
3. On line 162 replace '$file_mime_split = explode(' ', trim(@shell_exec('file --mime-type ' . $_FILES['file']['tmp_name'])));' with '$file_mime_split = explode(' ', trim(mime_content_type($_FILES['file']['tmp_name'])));'
4. PROFIT!

[Wqer555]

Why is shell_exec used when PHP supports this natively?

[porteros13]

Hi! Lot of time without posting, I'm sorry.
I've done what SLNETAIGA told, and when I try to upload an image I get a blank page as a result.

Wquer555 I didn't understand the comment you did 15 days ago D: I'm sorry, I'm not an expert with php, last time I got some help with a cousin that came at home hehe

[indrakaw]

Bump.

I got the same problem. It happens a month ago when host decided to disable exec() and shell_exec().

Warning: shell_exec() has been disabled for security reasons in /home/username/path/to/exec-test.php on line 2

New solution? Maybe switch or fallback to native PHP when shell_exec is disabled.

cc @tslocum

Addendum:
They are jerk.

Warning: file_get_contents(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0 in /home/username/path/to/ib/imgboard.php on line 111

Warning: file_get_contents(https://i.ytimg.com/vi/20vu6NddR34/hqdefault.jpg): failed to open stream: no suitable wrapper could be found in /home/username/path/to/ib/imgboard.php on line 111

Notice: getimagesize(): Read error! in /home/username/path/to/ib/imgboard.php on line 113

Time to stick to PHP lib-curl.

[tslocum]

Thanks @indrakaw, I've merged your commits and tweaked the function to fall back to file_get_contents if cURL isn't installed.