LBPUnion / ProjectLighthouse

Project Lighthouse is a clean-room, open-source custom server for LittleBigPlanet.
GNU Affero General Public License v3.0

Profile picture uploads through the website are not checked for file size or aspect ratio #545

Open logantgt opened 1 year ago

logantgt commented 1 year ago

Describe the bug

Profile pictures uploaded through the website are not checked for either file size or aspect ratio, causing potential server storage issues and layout issues. So far I have tested with images as large as 30MB, which is quite unreasonable for a single image.

To Reproduce

Steps to reproduce the behavior:

  1. Go to the settings page of any profile you have access to
  2. Attempt to upload a profile picture of massive dimensions or a strange aspect ratio
  3. Save the profile picture
  4. You will get some kind of unexpected behavior; if the page loads after the image is uploaded to the server, you'll see the site cropping the profile picture in some areas and displaying it completely in others.

Expected behavior

The site should have the ability to respond with an error informing the user that their image does not meet certain requirements, like a file size limit or an acceptable aspect ratio like 1:1 (or ideally a cropping dialogue would be offered).

Screenshots

[screenshot image]

Environment Details
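The checks the report asks for (a byte limit, a dimension limit and an aspect-ratio limit) can all be enforced before the server hands the upload to an image decoder, because PNG and JPEG both declare their pixel dimensions in the first few bytes. The following is an added example written for this issue, not code from Project Lighthouse; the limits (2 MiB, 1024 px, 2:1) and the helper names are assumptions, and the sample uploads are constructed headers rather than real images.

```python
"""Header-only sanity checks for an uploaded profile picture.

Added example for this issue, not Project Lighthouse code. Size, pixel
dimensions and aspect ratio are checked from the header alone, so an
oversized or malformed upload is rejected before a decoder allocates
memory for it. Only PNG and JPEG are recognised; limits are assumptions.
"""
import struct
from dataclasses import dataclass

MAX_BYTES = 2 * 1024 * 1024   # assumed per-upload byte limit (2 MiB)
MAX_SIDE = 1024               # assumed longest edge in pixels
MAX_ASPECT = 2.0              # assumed limit: reject wider/taller than 2:1


@dataclass
class ImageInfo:
    fmt: str
    width: int
    height: int


def sniff_dimensions(data: bytes) -> ImageInfo:
    """Return the format and declared dimensions read from the header."""
    # PNG: 8-byte signature, chunk length, "IHDR", then 4-byte width/height.
    if data[:8] == b"\x89PNG\r\n\x1a\n":
        if len(data) < 24 or data[12:16] != b"IHDR":
            raise ValueError("truncated or malformed PNG header")
        w, h = struct.unpack(">II", data[16:24])
        return ImageInfo("png", w, h)
    # JPEG: walk marker segments until a SOFn frame header appears.
    if data[:2] == b"\xff\xd8":
        pos = 2
        while pos + 4 <= len(data):
            if data[pos] != 0xFF:
                raise ValueError("malformed JPEG marker stream")
            marker = data[pos + 1]
            if marker == 0xFF:                      # fill byte
                pos += 1
                continue
            if marker in (0xD8, 0x01) or 0xD0 <= marker <= 0xD7:
                pos += 2                            # standalone marker
                continue
            seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
            if seg_len < 2:
                raise ValueError("malformed JPEG segment length")
            # SOF0..SOF15, excluding DHT (C4), JPG (C8) and DAC (CC).
            if 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
                if pos + 9 > len(data):
                    raise ValueError("truncated JPEG frame header")
                # layout: marker(2) length(2) precision(1) height(2) width(2)
                h, w = struct.unpack(">HH", data[pos + 5:pos + 9])
                return ImageInfo("jpeg", w, h)
            if marker == 0xDA:                      # scan data before any SOF
                break
            pos += 2 + seg_len
        raise ValueError("no JPEG frame header found")
    raise ValueError("unsupported image type")


def validate_upload(data: bytes) -> ImageInfo:
    """Raise ValueError if the upload violates policy, else return its info."""
    if len(data) > MAX_BYTES:                       # cheapest check first
        raise ValueError(f"file too large: {len(data)} bytes > {MAX_BYTES}")
    info = sniff_dimensions(data)
    if info.width == 0 or info.height == 0:
        raise ValueError("zero-sized image")
    if max(info.width, info.height) > MAX_SIDE:
        raise ValueError(f"{info.width}x{info.height} exceeds {MAX_SIDE}px")
    ratio = max(info.width, info.height) / min(info.width, info.height)
    if ratio > MAX_ASPECT:
        raise ValueError(f"aspect ratio {ratio:.2f}:1 exceeds {MAX_ASPECT}:1")
    return info


def is_acceptable(data: bytes) -> bool:
    """Boolean wrapper around validate_upload for callers that only need a verdict."""
    try:
        validate_upload(data)
        return True
    except ValueError:
        return False


def make_png_header(width: int, height: int) -> bytes:
    """Constructed PNG signature plus IHDR chunk (header only, CRC zeroed)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    return b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR" + ihdr + b"\0" * 4


def make_jpeg_header(width: int, height: int) -> bytes:
    """Constructed JPEG: SOI, a JFIF APP0 segment, then a baseline SOF0 header."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\0\x01\x01\x00\0\x01\0\x01\0\0"
    sof0 = b"\xff\xc0" + struct.pack(">HBHHB", 17, 8, height, width, 3)
    sof0 += b"\x01\x22\x00\x02\x11\x01\x03\x11\x01"
    return b"\xff\xd8" + app0 + sof0


if __name__ == "__main__":
    samples = {                                     # constructed test uploads
        "square 512px PNG": make_png_header(512, 512),
        "8000x8000 JPEG": make_jpeg_header(8000, 8000),
        "1000x100 PNG banner": make_png_header(1000, 100),
        "64px PNG padded to 30 MB": make_png_header(64, 64) + b"\0" * (30 << 20),
        "not an image": b"GIF89a" + b"\0" * 32,
    }
    for name, blob in samples.items():
        try:
            info = validate_upload(blob)
            print(f"{name}: accepted ({info.fmt} {info.width}x{info.height})")
        except ValueError as err:
            print(f"{name}: rejected ({err})")
```

The byte check runs first because it is the only one that costs nothing; the dimension check then catches a small file that declares a huge canvas, which is the case that would otherwise turn into a large allocation at decode time. A header that passes these checks is still untrusted input, so the full decode (or any downscaling step) should run under the same memory limits as the rest of the request pipeline.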

Ezoiar commented 1 year ago

OH LOL

Arcadius2006 commented 1 year ago

aspect ratio shouldn't be a problem, the game normally squashes or crops the image to fit it into the square/circle

filesize/resolution is a problem

TorutheRedFox commented 1 year ago

> aspect ratio shouldn't be a problem, the game normally squashes or crops the image to fit it into the square/circle
>
> filesize/resolution is a problem

lbp2 past a certain patch and lbp3 crop/letterbox (it seems to letterbox if the aspect ratio is past a certain width?), all other games feed the texture as-is making it get squashed

vilijur commented 7 months ago

*** edited by maintainer due to security concern ***

[content removed]

If I may provide a suggestion, it might be a good idea to have the server automatically downscale high resolution images that are so big they would cause the game to crash. Though that might be harder to implement than having a resolution/file size limit when uploading images.

sudokoko commented 7 months ago

> *** edited by maintainer due to security concern ***
>
> [content removed]
>
> If I may provide a suggestion, it might be a good idea to have the server automatically downscale high resolution images that are so big they would cause the game to crash. Though that might be harder to implement than having a resolution/file size limit when uploading images.

Hey there! I'll be reaching out via DM shortly to discuss the security-related aspect of this comment with you privately. Given the security concern, I have gone ahead and edited your original message to remove reference of the security information.