/meta/ - Board Meta

http://nanochanqwrwtmamtnhkfwbbcducc4i62ciss4byo6f3an5qdkhjngid.onion/l/14715.html

>>14734
By another pic I meant another in post 733.
Try your magic on my second file and tell me exactly what you did. In the first case to.
I also tried "convert" to png and stuff even, and it STILL broke. I also tried to "save as" the stuff in an image editor. No luck.

>>14735
I mean I cannot upload that pic from catbox ever. And I certainly was able to before.
OK this pic is cute too.

I hope you get a boyfriend soon so you can quit your spam.

>>5269
My heart is broken forever, OK?

>cumskins
why are they so incompetent? nothing like this EVER happened when hapase was in charge. we should bring back hapase

>>5271
>hakase resorting to straight up begging to take back the reins for nanochan
You know, if there wouldn't be significant backlash in doing so, I would actually give you the keys and files back. You did finish the rewrite, after all, and maybe accelerationism would be much better for this place than a slow boil

>>5275
>HUR UR A HAPASE.
no, stop trying to collapse everyone you don't like into a singular entity to preserve your fragile mind from the possibility that there might be two (g*d forbid!) or more people who don't like you.
>I would actually give you the keys and files
Don't bother. I am not interested in babysitting a site full of wiggers, and I honestly don't fancy the task of converting your corrupted database into the new format either.

Meanwhile I cannot upload https://files.catbox.moe/bpjoky.jpg still! And some others too!

Please at least tell me you have the same problem or not.

Also I realized that I said "uploaded after changing the extension to jpeg" while I meant "from jpeg to jpg". Though earlier I recommended to rename to jpeg to reproduce the bug. It somehow got mixed up in my head and probably caused misunderstanding, that's why I'm clarifying it now.

>>5281
it works for me lol

>>5283
Well, FML.

>>5284
It doesn't really make any sense though, the file should be the same right? So what else is different? I just reuploaded without changing anything nor content nor extension.
SHA256 hash of the file on my part 9ef8cc5809534fdfba7c9a0fa04e2bd7837888397941c680a278b49faca11102

>>5276
>stop trying to collapse everyone you don't like into a singular entity
But I like hakase. There's just too much proof and conjecture for me to continue denying it.
>I am not interested in babysitting a site full of wiggers
Typical nigger behavior

>>5286
Yea, the file is the same, I even double-checked that file from catbox in case it was tampered with (it shouldn't have been the case anyway).

The only explanation that would make sense now is that the transmission gets borked somehow, but it seems REALLY unlikely. The other one could be that maybe the image processing code is time-sensitive somehow, meaning the time of upload matters or some shit.

But anyway since there was a problem with jpeg/jpg and there wasn't a problem before makes me think it's not on my end.

Pics are still broken for me BTW. Well, some of them.
I just wanna know what happened server-side (like, webserver updates, lua updates or something), because I need to know if it's the issue with my browser or what the actual heck.

>>5628
Upload them to catbox or something so others can help you test them

Not starfag, testing to see if it uploads on my end, pic is the first catbox file from phoneposting thread.

Now the "no matter what" picture. If this works, the problem is on your end. This was done via standard TBB. You didn't create this just to spread payloads, did you?

>>5637
>If this works, the problem is on your end.
No shit, Sherlock. You can see another helpful individual (no irony intended) uploading the same pic ITT before, while I cannot do it STILL.
But I was able to before, I'm pretty sure, and sakamoto allegedly changed something, about 3 (?) weeks ago. I want to know what, if possible.

Also if that pic is malicious, then I wouldn't know, sorry. I didn't create it and didn't tamper with it. And anyway, it would be weird to ask others to upload it while being able to upload it and make the supposed victims to download it normally. Well, not that weird, I guess, but I upload a bunch of other pics too, and you don't have to render the pic ever, and… Well, let's not dig a hole for ourselves here. xD

>>5639
The only thing I changed was the file extension verification function. Try:
1. uploading the image with BOTH .jpg and .jpeg extensions
2. checking that the magic bytes match up with what is required in the source code
3. uploading with a different web browser

>>5640
Oh, and if you're using a firefox-based browser, go to the networks tab in devtools, upload the image, click the entry with the POST method, go to headers, click Raw headers, and check if the post filename is supplied along with the file.

>>5641
Fuck wait, it's Edit and Resend, and Request Body:. And you need to check Persist Logs for the entry to stay.

tst

>>5640
1. Tried, still fails.
2. It would be weird if they didn't match because sha256sum of the file I have on me is exactly 9ef8cc5809534fdfba7c9a0fa04e2bd7837888397941c680a278b49faca11102
3. Will try it a bit later

>>5642
Filename is supplied.
>Content-Disposition: form-data; name="file"; filename="filename.jpg"
Is that it?
BTW this is some privacy leak to the server. Not that I didn't know of it, but I'm curious if you can edit that filename without JS tricks.

Though basically I'm curious if there was a webserver update, that would fix some bug that could affect this or would introduce some bug.

OK I got the same error with the w3m browser. At this point I'm willing to assume anything, even glowers on me.

BTW does anyone happen to know a catbox(mixtape,pomf)-like onion fileshare, so I don't upload to clearnet while I'm here?

>file extension verification function
Though in ANY CASE can you remove that function (or revert it to a previous state, like over a month ago, preferrably?) for a sec so I can test the upload again just to check?

>>5656
Upload it with a .txt extension, you should be able to upload any file with that
>>5653
>BTW this is some privacy leak to the server
I'm pretty sure you're leaking more data through exif, especially since nanochan doesn't strip them for you.
>2. It would be weird if they didn't match because sha256sum of the file I have on me is exactly 9ef8cc5809534fdfba7c9a0fa04e2bd7837888397941c680a278b49faca11102
What are you talking about? Just upload the offending files using the trick I mentioned above, and I'll test it myself. If I still can't figure it out I'll try >>5657.

>>5660
> Upload it with a .txt extension
test

>>5660
>Upload it with a .txt extension, you should be able to upload any file with that
Well, it works, but you (or whoever) said yourself nano is not a file hosting service. I was just asking in general. There is a pasteshare for tor, there could be some quick-to-expire-no-captcha-no-nothing fileshare.
>I'm pretty sure you're leaking more data through exif
Not me personally in this particular case. This pic is from a public place.
>Just upload the offending files
I did, on catbox, others already tested that.
>If I still can't figure it out
Well, I would be SO thankful like I could stop avatarfagging even. xD For like a month or two.

>>5661
From what I can tell that looks like a regular image file to me. Anyway, the file.format function is reverted to the latest version in hakase's code temporarily, tell me when you've done your tests.
>>5662
The rules aren't rigid, and if you do break them they'll just get deleted, which for a test upload I'm sure you don't mind.
>in general
There are a ton of pomf clones out there with less cancer than catbox (no patreon, less rulecucking etc), but most of them might die at any moment so I haven't bothered with investigating them. For anonymous file hosting, zippyshare's probably the best, but there's other sites like anonfile (haven't actually tried it), 0x0.st (terminal uploads) and cockfile (24h only, works without js) you could consider

>>5663
>Anyway, the file.format function is reverted to the latest version in hakase's code temporarily, tell me when you've done your tests.
OK testing

>>5663
>Anyway, the file.format function is reverted to the latest version in hakase's code temporarily, tell me when you've done your tests.
See? >>5664
Now it's absolutely fine. Thank you for your cooperation, so it's definitely linked to the function change. You can revert it back or whatever.
>The rules aren't rigid
Nah, I want some consistent place to upload stuff (to share it here mostly xD)
>For anonymous file hosting, zippyshare's probably the best, but there's other sites like anonfile (haven't actually tried it), 0x0.st (terminal uploads) and cockfile (24h only, works without js) you could consider
Thanks for all those suggestions, I'm sure they'll come in handy, but I've explicitly asked for an .onion resource.

>>5665
That's weird as fuck. Whatever, the extension check wasn't really needed anyway.
>explicitly asked for an .onion resource
Well you asked for a "quick-to-expire-no-captcha-no-nothing" file host, and the ones I recommended should work over tor anyway

>>5665
I still think it's strange how you are the only person experiencing problems with this.
>>5666
Can you post the two versions of whatever you changed somewhere? I'm really curious now.

>>5676
Check the comment block in file.format versus the uncommented code

>>5678
What is passed to file.format as an extension is the result of file.extension. It uses an oversimplified regex that fails on anything that has multiple dots in the filename, i.e. "picture.jpg.backup". I wouldn't put it past starfag to have le random names for his collection. You are right that extension checking on the user's part is overkill though.

I don't understand why the magic bit check doesn't just use a keyvalue pair for analysis, since you can add an arbitrary amount of extensions to that without bloating up the if-else chain and keep multiple bit pairs in an array for value.

>>5679
>picture.jpg.backup
You might be right, the regex might be picking up .backup.jpg instead of .jpg, haven't thought to check on the regex the function uses. I'll fix it later
The magic byte check checks against a specified byte range of arbitrary length at different locations, sometimes multiple times. One of the checks even uses :find() instead of :sub().

>>5680
I ran the same regex in a Lua interpreter and said example gives ".jpg.backup" as a result. Obviously that would fail the check. Not sure how you'd fix it though, short of just checking groups of a split by '.' for anything resembling a file extension.

>>5679
>>5680
>>5681
I'm not an expert in Lua patterns but shouldn't this just werk?

%.([a-z-A-Z-0-9]+)$

>>5681
I don't think .jpg.backup should necessarily be allowed, the problem I'd imagine is there is an extra period in the filename (like image.2019.jpg) and the regex matches 2019.jpg instead of jpg.
>>5682
Theres the %a selector to match letters, so str:match("%.(%a-)$") should work

>there is an extra period in the filename (like image.2019.jpg) and the regex matches 2019.jpg instead of jpg
This is most probably the case.
I could've sworn I could upload some other files with the same naming scheme, but maybe I'm wrong or I just did it before the change

Also I cannot believe I am so braindamaged that I never ever tried to upload the files from catbox (with the changed autogenerated name) (also I could've sworn I did it but I guess not) and never did it after sakamoto asked whether the filename is supplied.

>file uploads fail if the filename is wrong
Wow, suckermooto. Much wow.

>>5684
Nice, looks like this case is finally over. So it was an actual bug in the code, thanks for making me double check the issue
>>5686
No thanks to your retarded pattern matching, hakase. How the fuck should I have known that you couldn't even make a proper regex