Hi everyone. I am using elgg 2.3.4
I am using file_get_contents for getting user avatar then base64_encode for encoding data with MINE base64.
My code looks as followed
$context = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
);
$context = stream_context_create($context);
$encoded_data = 'data:image/jpeg;base64,'.base64_encode(file_get_contents($user->getIconURL('large'),false,$context));
echo '<img class="src-image" src="'.$encoded_data.'" />';
Everything was working perfectly since 6 months.
But today I have changed my elgg advanced setting by enabling the option Restrict pages to logged-in users
Since I have enable that option I have the following php error generated by the above code.
"file_get_contents(https://esfam-simplesamlphp.auf.org/serve-file/e0/l1515440414/di/c1/Rs5GJxUpA__z2WJXTWW7RqQZEyzdnJAc5zyAFGxE8hc/1/36/profile/36large.jpg): failed to open stream: HTTP request failed! HTTP/1.0 403 Forbidden\r\n" in file /home/pessek/Documents/WEB/elggtest/mod/pessek_profile/views/default/profile/details.php (line 285), referer: https://esfam-simplesamlphp.auf.org/profile/admin
So file_get_contents cannot get the content of the image anymore when Restrict pages to logged-in users is enabled. But I can open the image using my browser
I need your guidance
Best regard
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
- ihayredinov@ihayredinov
ihayredinov - 0 likes
- Hermand Pessek@rheman
Hermand Pessek - 0 likes
- Hermand Pessek@rheman
Hermand Pessek - 0 likes
- Jerome Bakker@jeabakker
Jerome Bakker - 1 like
- Hermand Pessek@rheman
Hermand Pessek - 0 likes
You must log in to post replies.Why would you burn cycles and bloat your HTML by inlining the image bytes? Let the browser load it via HTTP.
But to answer your question, icon URLs are session bound, so you can't load them without a cookie in your stream.
Thanks a lot
But which cookies should I add to my stream ?
why do this through an html request?? why not
Thanks a lot.. work perfectly.