Allow users to upload avatars

TASVideos / tasvideos

The code for the live TASVideos website

https://tasvideos.org/

GNU General Public License v3.0

63 stars 29 forks source link

Allow users to upload avatars #227

Closed adelikat closed 1 year ago

adelikat commented 5 years ago

Rather than having whatever sketch image hosting site tripping user's browser security, it would be nice if we could support them uploading to tasvideos.

We should permission restrict this, even if it is given out by default (likely not, maybe experienced forum user's at least).

It should be easy to block/ban an avatar in case of abuse.

Probably a host of other logistical issues.

ActuallyTruncated commented 2 years ago

Oh, this was already added as an issue? Great, that means I will not have to add it. :)

I think this would be a very good move. I don't know how many times that "free" image hosting sites stopped being free or started serving large warning images, and staff had to go through and remove image links.

Additional benefit: we can actually enforce 100x100 pixel, max file size and image format compliance, because the image cannot be changed by the user after the upload moment (which today is the only time the size is checked).

The downside I've heard (during the go-live voice chat) is that potentially illegal material could be uploaded to our servers, rather than some external server. But this is already the case, since we let users upload userfiles which aren't screened for content. The zip files and zip-like files like bk2 could potentially house anything. Also it is difficult to fit much illegality in 9 kB of data, so I don't think this should be an issue.

meshuggahtas commented 2 years ago

I've totally skimmed over zip userfiles and shady images while thinking about security, thank you for bringing up the topic.

Common image upload scenario on community websites:

User only allowed to select from preuploaded images. No need for moderators. No need for checking shady things.
User uploads avatar which will be approved or rejected by moderators. Requires moderators and a special dedicated page which dumps all relevant information about the "image" while showing the image. The idea is to avoid running malicious code while investigating these might be dangerous files and ability to have as many information as possible.
Checking it with antivirus, for example https://developers.virustotal.com/reference/public-vs-premium-api

adelikat commented 1 year ago

I think this wouldn't be necessary if we did https://github.com/TASVideos/tasvideos/issues/640 as @YoshiRulz linked, I think that is the more promising route to take, so much so, I want to close this ticket in favor of that one

YoshiRulz commented 2 months ago

Another point that I don't think has been mentioned yet: Since the URIs provided by users are passed on to other users verbatim, a malicious user could track others (the simple IP + User-Agent kind of tracking), or possibly exploit vulns in browsers' image processing code.