v1.0.7 Fix invalidate error image upload

Created by Support Agent, Modified on Wed, 22 Apr at 12:26 AM by Support Agent

QUESTION:


Recently we discovered that one of our clients had malware hidden in images that were being uploaded by the module.

The client is using 1.0.7 on Magento 2.3.5 EE, which appears to be the latest version. Images that are uploaded through your module are not sanitized or validated as Magento core does through their native upload functionality, which allows malicious actors to upload images with toxic EXIF data and embedded scripts in the images themselves. 

These images are not renamed either and are discoverable through a public directory before being formally approved, and are viewable by both admin users and normal users on product pages.


This problem can be fixed by adding the following lines to the SaveImages controller:

// Create an image adapter (GD2/ImageMagick) and register its validateUploadFile()
// check with the uploader, so only files that actually decode as images are accepted.
$imageAdapter = $this->adapterFactory->create();
$uploader->addValidateCallback('catalog_product_image', $imageAdapter, 'validateUploadFile');


For implementation reference see Magento\Catalog\Controller\Adminhtml\Product\Gallery\Upload.


Contributor: Mr Aron Sigurdsson-Morris


ANSWER:


To fix this error, please edit the file app/code/Bss/ProductImagesByCustomer/Controller/Index/SaveImages.php as below:



Or download the attached file below and overwrite the current file on your site. 
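As an added illustration, not the attached SaveImages.php from BSS Commerce, here is a version of the controller that applies the validation the question recommends, modelled on Magento\Catalog\Controller\Adminhtml\Product\Gallery\Upload. The constructor dependencies, the 'image' form field name and the JSON response shape are assumptions about the module; the save location is the same tmp media path core uses for gallery uploads.

```php
<?php
namespace Bss\ProductImagesByCustomer\Controller\Index;

use Magento\Catalog\Model\Product\Media\Config as MediaConfig;
use Magento\Framework\App\Action\Action;
use Magento\Framework\App\Action\Context;
use Magento\Framework\App\Filesystem\DirectoryList;
use Magento\Framework\Filesystem;
use Magento\Framework\Image\AdapterFactory;
use Magento\MediaStorage\Model\File\UploaderFactory;

class SaveImages extends Action
{
    // Assumed dependencies; the module's real constructor may inject others.
    private $uploaderFactory, $adapterFactory, $mediaConfig, $filesystem;

    public function __construct(
        Context $context,
        UploaderFactory $uploaderFactory,
        AdapterFactory $adapterFactory,
        MediaConfig $mediaConfig,
        Filesystem $filesystem
    ) {
        parent::__construct($context);
        $this->uploaderFactory = $uploaderFactory;
        $this->adapterFactory = $adapterFactory;
        $this->mediaConfig = $mediaConfig;
        $this->filesystem = $filesystem;
    }

    public function execute()
    {
        try {
            // Wraps $_FILES['image']; the field name is an assumption.
            $uploader = $this->uploaderFactory->create(['fileId' => 'image']);
            // Extension whitelist first; anything else is rejected outright.
            $uploader->setAllowedExtensions(['jpg', 'jpeg', 'gif', 'png']);
            // Core's image-adapter check: the file must decode as a real image.
            $imageAdapter = $this->adapterFactory->create();
            $uploader->addValidateCallback('catalog_product_image', $imageAdapter, 'validateUploadFile');
            // Rename on collision and disperse into hashed subfolders, so the stored name is never the client-supplied one.
            $uploader->setAllowRenameFiles(true);
            $uploader->setFilesDispersion(true);
            $mediaDir = $this->filesystem->getDirectoryRead(DirectoryList::MEDIA);
            $result = $uploader->save($mediaDir->getAbsolutePath($this->mediaConfig->getBaseTmpMediaPath()));
            // Do not echo server-side paths back to the browser.
            unset($result['tmp_name'], $result['path']);
        } catch (\Exception $e) {
            $result = ['error' => $e->getMessage(), 'errorcode' => $e->getCode()];
        }
        return $this->resultFactory->create(\Magento\Framework\Controller\ResultFactory::TYPE_JSON)->setData($result);
    }
}
```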


If you have any other questions or concerns, please feel free to contact us. We'd be happy to support!


Get to know us!!


BSS Commerce is a full-service ecommerce agency with 14+ years of experience, supporting 75,000+ customers worldwide. As an Adobe Commerce Solution Bronze Partner and Select Magento Extensions Builder, we deliver trusted end-to-end solutions.


Our core strength is Magento, with 150+ extensions designed to enhance store performance and drive growth. With deep expertise from years of working on Magento websites, we deliver scalable, high-impact solutions backed by strong client trust.


Improve your website performance by choosing our extensions:
