Support » Plugin: Avatar Privacy » There was an error uploading the avatar: Specified file failed upload test.

  • Resolved alx359

    (@alx359)


    While trying to upload a new avatar in the user profile (superadmin) I can’t do and get the following message:

    There was an error uploading the avatar: Specified file failed upload test.

    This happens in WAMP localhost only (WP5.2.1/PHP7.2). The VPS (Ubuntu) works fine.

    Please advise.

    Thanks.

Viewing 15 replies - 1 through 15 (of 28 total)
  • Plugin Author pepe

    (@pputzer)

    What kind of file did you try to upload?

    just an ordinary jpg

    The culprit seems to be the \wp_unslash function in \plugins\avatar-privacy\includes\avatar-privacy\upload-handlers\class-user-avatar-upload-handler.php:111

    $avatar = $this->upload(
    /* @scrutinizer ignore-type */
    \wp_unslash( $_FILES[ self::FILE_UPLOAD ] ) // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- ::upload uses \wp_handle_upload.
    );

    $_FILES[ self::FILE_UPLOAD ] outputs:

    array (
      'name' => 'redcross.jpg',
      'type' => 'image/jpeg',
      'tmp_name' => 'C:\\wamp\\tmp\\php3EC5.tmp',
      'error' => 0,
      'size' => 1796,
    )

    \wp_unslash( $_FILES[ self::FILE_UPLOAD ] ) outputs:

    array (
      'name' => 'redcross.jpg',
      'type' => 'image/jpeg',
      'tmp_name' => 'C:wamptmpphp5EC2.tmp',
      'error' => 0,
      'size' => 1796,
    )

    Update:

    Stripping wp_unslash the error is gone, but the image isn’t uploaded, unfortunately.

    In Ubuntu, tmp_name after wp_unslash looks fine:

    array (
      'name' => 'redcross.jpg',
      'type' => 'image/jpeg',
      'tmp_name' => '/srv/users/serverpilot/tmp/www-mysite/phpzOrfrN',
      'error' => 0,
      'size' => 1796,
    )
    Plugin Author pepe

    (@pputzer)

    I’ll look into it, but I do not have Windows system for testing (and all automated tests run on POSIX as well).

    Plugin Author pepe

    (@pputzer)

    @alx359, can you please try to insert a call to wp_normalize_path inside the wp_unslash? The line should look like this:

    
    $avatar = $this->upload(
    /* @scrutinizer ignore-type */
    \wp_unslash( \wp_normalize_path( $_FILES[ self::FILE_UPLOAD ] ) ) // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- ::upload uses \wp_handle_upload.
    );
    

    Doesn’t help, unfortunately:

    PHP Warning:  strpos() expects parameter 1 to be string, array given in D:\domains\www.domain.com\wp-includes\functions.php on line 5971
    PHP Warning:  substr() expects parameter 1 to be string, array given in D:\domains\www.domain.com\wp-includes\functions.php on line 5978
    PHP Warning:  substr() expects parameter 1 to be string, array given in D:\domains\www.domain.com\wp-includes\functions.php on line 1912
    'Array'
    PHP Warning:  strpos() expects parameter 1 to be string, array given in D:\domains\www.domain.com\wp-includes\functions.php on line 5971
    PHP Warning:  substr() expects parameter 1 to be string, array given in D:\domains\www.domain.com\wp-includes\functions.php on line 5978
    PHP Warning:  substr() expects parameter 1 to be string, array given in D:\domains\www.domain.com\wp-includes\functions.php on line 1912
    PHP Fatal error:  Uncaught TypeError: Argument 1 passed to Avatar_Privacy\Upload_Handlers\Upload_Handler::upload() must be of the type array, string given, called in D:\domains\www.domain.com\wp-content\plugins\avatar-privacy\includes\avatar-privacy\upload-handlers\class-user-avatar-upload-handler.php on line 114 and defined in D:\domains\www.domain.com\wp-content\plugins\avatar-privacy\includes\avatar-privacy\upload-handlers\class-upload-handler.php:116

    As said in the update to my post above, getting rid of \wp_unslash appears to be a move in the right direction (it even copies the image to /uploads/admin_avatar.jpg, but the image isn’t being taken by the UI for some reason. No JS errors either.

    But both arrays look fine:

    $_FILES[ self::FILE_UPLOAD ]

    array (
      'name' => 'redcross.jpg',
      'type' => 'image/jpeg',
      'tmp_name' => 'C:\\wamp\\tmp\\php22E9.tmp',
      'error' => 0,
      'size' => 1796,
    )

    $avatar['file']

    array (
      'file' => 'D:\\domains\\www.domain.com/wp-content/uploads/admin_avatar.jpg',
      'url' => 'https://domain.com/wp-content/uploads/admin_avatar.jpg',
      'type' => 'image/jpeg',
    )
    Plugin Author pepe

    (@pputzer)

    Sorry, my fault. $file is an array, not the file name. Please try this:

    $file['tmp_name'] =  \wp_normalize_path( $file['tmp_name'] );
    
    $avatar = $this->upload(
    /* @scrutinizer ignore-type */
    \wp_unslash( $_FILES[ self::FILE_UPLOAD ] ) // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- ::upload uses \wp_handle_upload.
    );

    Tried that but didn’t make any difference.

    Then tried this:

    $file = $_FILES[ self::FILE_UPLOAD ];
    $file['tmp_name'] = \wp_normalize_path( $file['tmp_name'] );
    
    $avatar = $this->upload( \wp_unslash( $file ) );

    That turned the slashes:

    array (
      'name' => 'redcross.jpg',
      'type' => 'image/jpeg',
      'tmp_name' => 'C:/wamp/tmp/php699.tmp',
      'error' => 0,
      'size' => 1796,
    )

    but didn’t help either, and the message appeared again:

    There was an error uploading the avatar: Specified file failed upload test.

    Plugin Author pepe

    (@pputzer)

    Again, sorry, I should not write code directly in the replies. I was looking at one method in the editor, but writing code for use in another *doh*. Of course the global needs to be assigned to $file first (wp_unslash should be applied to the whole of $file, though).

    Have you tried reloading the profile at that point? Sometimes browser caching can wreak havoc for something like this.

    Yes, I know. I did as you said (seems I fixed my reply above yours shortly after you opened it).

    But IMO we’re moving side-ways. The $_FILES[ self::FILE_UPLOAD ] looks fine to me if just wp_unslash isn’t applied on Windows. Isn’t it?

    array (
      'name' => 'redcross.jpg',
      'type' => 'image/jpeg',
      'tmp_name' => 'C:\\wamp\\tmp\\php22E9.tmp',
      'error' => 0,
      'size' => 1796,
    )

    It seems there’s something else that’s creating an issue because of Windows.

    Plugin Author pepe

    (@pputzer)

    Probably, but I’ve got no idea where. Anyway, normalizing the path is prudent on Windows, native path values can become problems elsewhere.

    And: Did you try to shift-reload the profile page after uploading an image (with wp_unslash disabled or with normalizing the path)? Does the newly uploaded image show? Or does the resizing action downstream fail as well? Do generated PNG default icons (eg. MonsterID) work?

    The only one that works for me (i.e. doesn’t give an error) is plain $_FILES[ self::FILE_UPLOAD ]. Any combinations of wp_normalize_path($file['tmp_name']) and/or wp_unslash($file) produces the Specified file failed upload test error.

    Shift-reload doesn’t make a difference. Tried with Identicon, MonsterID, and Rings.

    Plugin Author pepe

    (@pputzer)

    So the generated icons don’t work either?

    Apologies for not being concise enough. All generated Avatar icons work fine. Gravatars are taken from their cache directory fine (the main reason I was looking for AP). Only the upload new Profile Picture in Users > Your profile isn’t working on Windows; the default generated Avatar icon (for the given collection) stays there and can’t be changed.

    The problem now points to /uploads/avatar-privacy/cache/user/*.* not being created in Windows (i.e. the folder user isn’t there). So the override that the cache does isn’t being properly applied to the profile picture for some reason, and it’s still getting fetched as a generated avatar, i.e. https://mydomain.com/wp-content/uploads/avatar-privacy/cache/identicon/f/f/ffa1b7dac35f370246c2a6fc41f66642b8ca4eb29c95515be65b4c9b22fd1317.svg

Viewing 15 replies - 1 through 15 (of 28 total)
  • You must be logged in to reply to this topic.