Image previews not shown #28884

Closed
weebl2000 opened this issue Jan 6, 2025 · 3 comments
Labels
A-Media
O-Occasional: Affects or can be seen by some users regularly or most users rarely
S-Major: Severely degrades major functionality or product features, with no satisfactory workaround
T-Defect

Comments

@weebl2000

Steps to reproduce

If images are sent to a room without an extension in the name there are no previews anymore in the Desktop app. Mediatype is supplied.

This has worked fine for years until a few months ago. I had hoped it would get fixed but it's still happening. On Element Android / iOS app the images still load fine using the same message.

Source message example:

{
  "type": "m.room.message",
  "sender": "@user:server.com",
  "content": {
    "msgtype": "m.image",
    "body": "Blabla",
    "url": "mxc://matrix.server.me/idishere",
    "info": {
      "mimetype": "image/gif"
    }
  },
  "origin_server_ts": <snip>,
  "unsigned": {
    <snip>
  },
  "event_id": "$",
  "room_id": "!x"
}

Outcome

What did you expect?

Image preview shows.

What happened instead?

Image is shown as an attachment link.

Operating system

Linux, Windows

Application version

1.11.89

How did you install the app?

No response

Homeserver

No response

Will you send logs?

Yes

dosubot bot added the A-Media, O-Occasional and S-Major labels Jan 6, 2025
@t3chguy
Member

t3chguy commented Jan 7, 2025

This is done for security. The body field of the event is specified to be the filename if the filename field is missing. When downloaded, a mismatched extension could be executed. E.g. if you have an "image" called "foo.exe" with mimetype image/png it would still be executed by your OS unless you have security cranked up. See GHSA-5486-384g-mcx2.

t3chguy closed this as not planned Jan 7, 2025
@weebl2000
Author

Why not just add the extension associated with the mediatype upon downloading? Seems safer than the current solution.

@t3chguy
Member

t3chguy commented Jan 7, 2025

Because when downloading you can't always specify the filename, it may be specified by the Matrix homeserver instead which does not allow a way to be overridden.

wemu added a commit to tolkienforum/maubot-gollum that referenced this issue Jan 21, 2025
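
The extension-versus-mimetype check discussed in this thread, sketched as an added example; it is not part of the thread and not Element's code. The function names, the reason strings and the small MIME table are assumptions made for illustration; the sample event is the one from the report.

```javascript
// Added illustration, not Element's implementation. The MIME-to-extension
// table is a small constructed subset.
const EXTENSIONS_BY_MIME = new Map([
  ["image/png", ["png"]],
  ["image/jpeg", ["jpg", "jpeg"]],
  ["image/gif", ["gif"]],
  ["image/webp", ["webp"]],
]);

// As stated in the thread: `body` stands in for the filename when the
// `filename` field is missing.
function effectiveFilename(content) {
  return typeof content.filename === "string" && content.filename !== ""
    ? content.filename
    : String(content.body ?? "");
}

// Lower-cased text after the last dot of the final path component, or ""
// when there is none (a name such as ".gif" counts as having no extension).
function extensionOf(name) {
  const base = name.split(/[\\/]/).pop();
  const dot = base.lastIndexOf(".");
  return dot > 0 ? base.slice(dot + 1).toLowerCase() : "";
}

// Hypothetical decision: render inline only when the name the file would be
// saved under carries an extension that agrees with the declared mimetype.
function previewDecision(content) {
  const allowed = EXTENSIONS_BY_MIME.get(String(content.info?.mimetype ?? "").toLowerCase());
  if (!allowed) return { preview: false, reason: "unsupported-mimetype" };
  const ext = extensionOf(effectiveFilename(content));
  if (ext === "") return { preview: false, reason: "no-extension" };
  if (!allowed.includes(ext)) return { preview: false, reason: "extension-mismatch" };
  return { preview: true, reason: "ok" };
}

// Sender-side repair (for example in a bot): keep the caption in `body` and
// add a `filename` whose extension matches the mimetype.
function withMatchingFilename(content) {
  if (previewDecision(content).preview) return content;
  const allowed = EXTENSIONS_BY_MIME.get(String(content.info?.mimetype ?? "").toLowerCase());
  if (!allowed) return content;
  const stem = effectiveFilename(content).replace(/[^A-Za-z0-9_-]+/g, "_") || "image";
  return { ...content, filename: `${stem}.${allowed[0]}` };
}
```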