I just stumbled across a side effect of #528682: Allow inline images to be posted to Drupal.org project pages, docs pages, and comments without any special permissions -- an enterprising user added an inline image to their signature: http://drupal.org/node/1313554#comment-5143458

Since there are no file attachments enabled for forum threads, comments, or signatures I doubt this was an intended consequence of that issue.

Should we make another input format for signatures that doesn't have that filter?

Comments

killes@www.drop.org’s picture

killes@www.drop.org CreditAttribution: killes@www.drop.org commented
Category: support » bug

Yeah, that's certainly not the intention.

WorldFallz’s picture

WorldFallz CreditAttribution: WorldFallz commented
Title: signature images? » forum / signature images?

We've also got some users that figured out a way to post images to forum posts: #1317144: adding images to a showcase forum post.

Can I assume this was also unintended and remove the?

tvn’s picture

tvn CreditAttribution: tvn commented
Component: Content moderation » Other
WorldFallz’s picture

WorldFallz CreditAttribution: WorldFallz commented

also being abused in profiles: https://drupal.org/user/255384

is there any way to track down where these folks are uploading the files by URL so we can at least remove them and see how they're doing it?

dddave’s picture

dddave CreditAttribution: dddave commented

Why not simply ask him? I am not under the impression that is some bad guy trying to abuse drupal.org covertly. ;)

WorldFallz’s picture

WorldFallz CreditAttribution: WorldFallz commented

lol, that works for an individual occurrence.... and actually, in this case it turns out it's part of a featured marketplace listing which could be considered a benefit of a featured listing.

The main issue is that we've purposely disabled image uploads in certain cases, but users are able to bypass it.

dddave’s picture

dddave CreditAttribution: dddave commented

I thought the problem was the investigation of "how they're doing it" (which in this specific case seems to be a feature indeed). But maybe we are getting our wires crossed and I don't understand the issue?

silverwing’s picture

silverwing CreditAttribution: silverwing commented

I say we go the theme route with (kinda) .signature img {display:none;}

The images I've seen in signature so far have been pretty restrained, but I'd rather we not have them than get those flashing annoying images.

silverwing’s picture

silverwing CreditAttribution: silverwing commented
Issue summary: View changes

fixed issue link

WorldFallz’s picture

WorldFallz CreditAttribution: WorldFallz commented

Another instance:

https://drupal.org/node/2149883

It appears the user misused file attachments in an issue (#2149517: Not retrieving images in commmerce product page) simply in order to include the image in a forum post.

We can do something similar to #8 (.node-type-forum .content img {display: none;}) for forums as well.

Personally, i prefer forum threads not be polluted by images (which is I assume why there's no file field on them), but it would be nice to get more opinions.

tvn’s picture

tvn CreditAttribution: tvn at Drupal Association commented
Issue summary: View changes
Status: Active » Closed (cannot reproduce)

Closing due to inactivity since 2013. Please re-open if it is still a problem.