Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • CampanaP 4 posts 54 karma points
    Apr 20, 2023 @ 08:03
    CampanaP
    0

    Umbraco 8 - Image exception

    Hi everyone, we did a penetration test. And we are reporting that some image links called with "incorrect" values in the parameters instead of showing the custom error page from Umbraco release the yellow exception page in view of the user.

    es: https://{my-domain}/media/ygif4ate/{my-image}.jpg?crop=0,0.24858636360403674,0,0.24883793593108072&cropmode="%27>

    Returns an invalid parameter exception. Here is the stack trace:

    [ArgumentException: Parameter is not valid.]
    System.Drawing.Bitmap..ctor(Int32 width, Int32 height, PixelFormat format) +1410764
    ImageProcessor.Processors.Crop.ProcessImage(ImageFactory factory) +747

    [ImageProcessingException: Error processing image with Crop].
    ImageProcessor.Processors.Crop.ProcessImage(ImageFactory factory) +1827 ImageProcessor.Imaging.Formats.FormatBase.ApplyProcessor(Func`2 processor, ImageFactory factory) +24
    ImageProcessor.Web.ImageFactoryExtensions.AutoProcess(ImageFactory factory, IWebGraphicsProcessor[] graphicsProcessors) +191
    ImageProcessor.Web.HttpModules.

    Can you tell me why Umbraco's custom error page does not intercept this exception?

    Thank you very much in advance for your support!

  • Marc Goodson 2155 posts 14408 karma points MVP 9x c-trib
    Apr 26, 2023 @ 10:17
    Marc Goodson
    0

    Hi CampanaP

    It is to do with how IIS handles different requests, the request for an image is a 'static request' and so the failure is outside of Umbraco's request pipeline where you probably have your custom 500 and 404 code implemented, and is falling back to use the default IIS error pages.

    You could add a 'location' tag for the 'media' path and configure specific errors there for /media requests...

      <location path="media">
        <system.webServer>
          <handlers>
            <remove name="StaticFileHandler" />
            <add name="StaticFileHandler" path="*" verb="*" preCondition="integratedMode" type="System.Web.StaticFileHandler" />
          </handlers>
          <httpErrors errorMode="Custom" existingResponse="Replace">
            <remove statusCode="404" />
            <error statusCode="404" path="404.html" responseMode="File" />
            <remove statusCode="500" />
            <error statusCode="500" path="500.html" responseMode="File" />
          </httpErrors>
        </system.webServer>
      </location>
    

    regards

    marc

Please Sign in or register to post replies

Write your reply to:

Draft