User image Error

on ERPNext
If you use "image data URI" instead of "image URL" on the user image
:radioactive: by mistake :space_invader::scream_cat::crying_cat_face::space_invader:
the user cannot log in and this user will not be in the List for the User
if you search for him by another user

and if you try to log in it will show

"
**Sorry!**
We will be back soon.
Don’t panic. It’s not you, it’s us.
Most likely, our engineers are updating the code, and it should take a minute for the new code to load into memory.

Try refreshing after a minute or two.

"

This sounds serious! Let me replicate and confirm.

OK, is there any way to change the image from SSH?

If serious, I’d suggest a `bench --site SITE_NAME console` and reset User Image there.

@umair
is there any way to close the option
"image data URI"?
I made the same mistake again :disappointed_relieved:

Cannot replicate

User Image
Browse or Web Link

What link or value did you insert … I’m trying to replicate but didn’t understand how?

copying the URI and adding as user image in ERPnext app

did it and broke the site :smile:
Sorry!
We will be back soon.
Don’t panic. It’s not you, it’s us.
Most likely, our engineers are updating the code, and it should take a minute for the new code to load into memory.

Try refreshing after a minute or two.

@achillesrasquinha

Exact steps to replicate this would be really helpful!

you copy the URI and paste it in the profile picture for the user … the system will break
try this image ( erpnext logo )
data:image/svg+xml;base64,…

put it instead of https://erpnext.org/assets/foundation/img/erpnext-logo.svg

that will break the website …
try it at a dummy bench or site not a site u use because it will break

And what have I been saying since this morning?
Hahahaha

:joy::joy:

Okay shit this is serious. I’ve traced it, it exists on the latest and production too. I had my site go down too. @codingCoffee states this only exists in terms of production

I just recovered from my crash by updating the user image within console.

http://urlregex.com
we can use this

```python
import re

url = 'data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4W5kYWxvbmU9Im5vIj8'

URL_PATTERN = r'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*(),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+'

# findall lists every http(s) URL found in the value
urls = re.findall(URL_PATTERN, url)
print(urls)

# match returns None if it doesn't match
urls = re.match(URL_PATTERN, url)
print(urls)
```

@ahmadRagheb, @smsar

Diagnosed the issue. Here’s what happens. data URI ends up being more in terms of memory. This is retrieved during initial login when you’re expecting a cookie. Cookie data is of limited characters and hence this gets truncated, thereby Login Failure. The fix is simple, maybe have a User Image validation check that’s all. Will dispatch the fix tomorrow at the earliest.

Meanwhile to unbrick your site simply

```
$ bench --site SITE_NAME mariadb
sitename> UPDATE `tabUser` SET user_image = "" WHERE name in ('example@gmail.com');
```

You’d need a more complex query if you want to retrieve your previous user image (via the Version DocType, but meh.)

Should fix your site. Thanks for noticing and trying this out. This issue potentially could propagate vulnerability and site down for many sites. :smile:

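The thread's diagnosis points to a User Image validation check as the fix. One way such a check could look, as an added example that is not code from the thread or from the Frappe/ERPNext code base; the function names, the size budget and the allowed upload path prefixes are assumptions:

```python
from urllib.parse import quote, urlsplit

# Assumption: browsers only guarantee about 4096 bytes per cookie (RFC 6265),
# so the budget for a single value is kept well below that.
MAX_COOKIE_VALUE_BYTES = 1024
ALLOWED_SCHEMES = {"http", "https"}
# Assumption: uploaded files are referenced by site-relative paths like these.
ALLOWED_PATH_PREFIXES = ("/files/", "/private/files/")


class InvalidUserImage(ValueError):
    pass


def validate_user_image(value):
    """Return the cleaned user image value, or raise InvalidUserImage."""
    value = (value or "").strip()
    if not value:
        return ""  # no image set is acceptable
    if any(ch.isspace() or ord(ch) < 0x20 for ch in value):
        raise InvalidUserImage("whitespace or control characters in value")
    # Cookie values get percent-encoded, so measure the encoded size.
    if len(quote(value, safe="")) > MAX_COOKIE_VALUE_BYTES:
        raise InvalidUserImage("value too long to be carried in a cookie")
    parts = urlsplit(value)
    if parts.scheme:
        # Rejects data: URIs and anything else that is not a web link.
        if parts.scheme.lower() not in ALLOWED_SCHEMES:
            raise InvalidUserImage("scheme %r is not allowed" % parts.scheme)
        if not parts.netloc:
            raise InvalidUserImage("URL has no host")
        return value
    if value.startswith(ALLOWED_PATH_PREFIXES) and ".." not in value.split("/"):
        return value
    raise InvalidUserImage("not an http(s) URL or an uploaded file path")


def is_valid_user_image(value):
    try:
        validate_user_image(value)
        return True
    except ValueError:  # InvalidUserImage, or a URL that urlsplit cannot parse
        return False


if __name__ == "__main__":
    # Constructed samples: the web link and the short data URI quoted in the thread.
    for sample in ("https://erpnext.org/assets/foundation/img/erpnext-logo.svg",
                   "data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4W5kYWxvbmU9Im5vIj8"):
        print(is_valid_user_image(sample), sample[:40])
```

Running the check when the User record is saved, rather than at login, keeps an oversized value from reaching the database in the first place.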