It seems like your server treat those image file is suspicious file when i submit a new comment with attachment file.

Warning! You are uploading a suspicous file(file content does not match file extension). 



If you are the server administrator, please notice that this is a suspicious file.

File Type: x-httpd-php

Can you consult with your webhosting provider regarding this and show them my following screenshot?

Hi,

Were you trying to upload an image file or php file?

I got in contact with my host and this was their reply:

First reply:

We have disabled modsecurity for the domain as this appeared to be causing an issue on the firewall.

However this does not appear to have fixed the issue. This may be a configuration issue in joomla, if you can let us know your Joomla logins, we can take a look. Please bear in mind that we are not joomla experts and any support we give give would be on a best effort basis.


Second reply after I gave them access:

Joomla has a file allow list that prevents you uploading files that are not pre-approved. You can view the List under Media and then clicking options on the right. The current allow list is below:

bmp,csv,doc,gif,ico,jpg,jpeg,odg,odp,ods,odt,pdf,png,ppt,swf,txt,xcf,xls,BMP,CSV,DOC,GIF,ICO,JPG,JPEG,ODG,ODP,ODS,ODT,PDF,PNG,PPT,SWF,TXT,XCF,XLS

According to the error message, the file type you tried to upload was of .php format and thus was rejected. If this was not the case, please attach the file that you were trying and the exact steps to recreate the issue and I will investigate further for you.



I tried uploading an image again but still not showing up in the comments section. I'm waiting for their response again.

Hi,

Update.

This is their latest reply:

From what we can tell the image part of the comment section in the blog requires an image link to an externally hosted image.

You may need to allow php files for this function to work correctly. However we are unsure, apologies, but I'm not surte we can help diagnose this particular Joomla issue.

Hm, I think your host was trying on a different button, http://take.ms/rwWIn :x I have just tried to upload an attachment and it seems to be hitting a similar error which is most likely coming from the webserver, http://take.ms/x74Lw

okay, let me get back to them now...

Sure, keep us updated on this Moghees

Reply from hosting provider:

After some testing it appears that it may be just that one image, as I have uploaded multiple images of png and jpg to the following link and these are working fine.

http://www.lovegraphicdesign.net/index.php/en/blog/item/3-6-most-essential-fonts-free-to-use-for-your-graphic-design-projects

Can you try using another image or re exporting that image as a different file extension from where the image was created and let us know if you have any issues. As I have also tried resizing the image on my machine and exporting it as another size and this still did not work.

I have also monitored the logs while trying to upload and nothing is being reported in the logs when the image does not upload

I'm still trying to sort out a solution for the image attachment upload.

However if I use the picture icon and insert an image using the [img] tag I came across this issue:

I have an image on my server (website) which I link http://www.lovegraphicdesign.net/images/slack.jpg and that uploads OK. If I try loading a different link that is on another server or website e.g http://www.bxdcreative.com/images/themexpert/home/home1/man_stand2.png then I get an error message: SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data What is happeneing here?

Thanks for getting back to us, since your hosting already disable that mod_security from your server, this issue still persistsm it could be one of the 3rd party plugin causing this.

After spend a few hour disable one by one of your 3rd party plugin from your backend, it seems like this `System - Centrora Security Activation Plugin` plugin causing the issue, when i disabled it, it upload image just fine now.

Can you give it a check?

Hi. The issue is fixed. I had to disable a setting in the Centrora Security setting by disabling "File Upload Validation" in Centrora menu --> Firewall Rules Fine-tuning.

However this bit you never answered and its not to do with the upload icon. Its the picture icon in the menu tool bar.

I have an image on my server (website) which I link http://www.lovegraphicdesign.net/images/slack.jpg and that uploads OK. If I try loading a different link that is on another server or website e.g http://www.bxdcreative.com/images/themexpert/home/home1/man_stand2.png then I get an error message: SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data What is happeneing here?

Hey there,

I am really sorry for the delay of this reply as it is a weekend for us here.

Hi. The issue is fixed. I had to disable a setting in the Centrora Security setting by disabling "File Upload Validation" in Centrora menu --> Firewall Rules Fine-tuning.

Thanks for sharing.

However this bit you never answered and its not to do with the upload icon. Its the picture icon in the menu tool bar.

I have an image on my server (website) which I link http://www.lovegraphicdesign.net/images/slack.jpg and that uploads OK. If I try loading a different link that is on another server or website e.g http://www.bxdcreative.com/images/themexpert/home/home1/man_stand2.png then I get an error message: SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data What is happeneing here?

I am sorry for missed up your question in earlier, do you mean you trying to add these following code into the comment, it still show that error ?

[gist type="php"]


[/gist]

If yes, It seems like i was unable to replicate this on your site, you can check my attached screenshot below.

Hi,

I am using a Mac and I am still encountering the problem. In the Firefox browser, I still get the error message and in the Chrome and Safari browser after submitting I get the status wheel just loading and nothing happens. Just keeps turning. See attachments.

Also regarding the attachment upload, the guys who do the security of my site are asking "The way Komento allows uploads, is there any built-in upload file extension verification in your upload script?

Hey there,

I am really sorry for the delay of this reply as it is a weekend for us here.

It seems like hitting one of the error during the submitting, may i know did you try completely disable this Centrora Security extension and plugin temporary and see is it still hitting the same issue?

At the same time, I will ask my colleague to try in Mac machine and see if we can replicate this issue on Monday, currently I do not have any Mac machine to test on this, I will keep you update tomorrow Monday Morning.

Also regarding the attachment upload, the guys who do the security of my site are asking "The way Komento allows uploads, is there any built-in upload file extension verification in your upload script?

We only validate for the file format and the file size which admin can configure from backend > Komento > setting > general > attachment , when the system detected user upload those file format which not allowed, then it will not allow to update it.