Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I just stumbled across a side effect of #528682: Allow inline images to be posted to Drupal.org project pages, docs pages, and comments without any special permissions -- an enterprising user added an inline image to their signature: http://drupal.org/node/1313554#comment-5143458
Since there are no file attachments enabled for forum threads, comments, or signatures I doubt this was an intended consequence of that issue.
Should we make another input format for signatures that doesn't have that filter?
Comments
Comment #1
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedYeah, that's certainly not the intention.
Comment #2
WorldFallz CreditAttribution: WorldFallz commentedWe've also got some users that figured out a way to post images to forum posts: #1317144: adding images to a showcase forum post.
Can I assume this was also unintended and remove the?
Comment #3
tvn CreditAttribution: tvn commentedComment #4
WorldFallz CreditAttribution: WorldFallz commentedalso being abused in profiles: https://drupal.org/user/255384
is there any way to track down where these folks are uploading the files by URL so we can at least remove them and see how they're doing it?
Comment #5
dddave CreditAttribution: dddave commentedWhy not simply ask him? I am not under the impression that is some bad guy trying to abuse drupal.org covertly. ;)
Comment #6
WorldFallz CreditAttribution: WorldFallz commentedlol, that works for an individual occurrence.... and actually, in this case it turns out it's part of a featured marketplace listing which could be considered a benefit of a featured listing.
The main issue is that we've purposely disabled image uploads in certain cases, but users are able to bypass it.
Comment #7
dddave CreditAttribution: dddave commentedI thought the problem was the investigation of "how they're doing it" (which in this specific case seems to be a feature indeed). But maybe we are getting our wires crossed and I don't understand the issue?
Comment #8
silverwing CreditAttribution: silverwing commentedI say we go the theme route with (kinda)
.signature img {display:none;}
The images I've seen in signature so far have been pretty restrained, but I'd rather we not have them than get those flashing annoying images.
Comment #8.0
silverwing CreditAttribution: silverwing commentedfixed issue link
Comment #9
WorldFallz CreditAttribution: WorldFallz commentedAnother instance:
https://drupal.org/node/2149883
It appears the user misused file attachments in an issue (#2149517: Not retrieving images in commmerce product page) simply in order to include the image in a forum post.
We can do something similar to #8 (.node-type-forum .content img {display: none;}) for forums as well.
Personally, i prefer forum threads not be polluted by images (which is I assume why there's no file field on them), but it would be nice to get more opinions.
Comment #10
tvn CreditAttribution: tvn at Drupal Association commentedClosing due to inactivity since 2013. Please re-open if it is still a problem.