# Submission bypass "abuse"?



## Shokuji (Apr 10, 2009)

I've noticed that when I upload stuff it's re-sized and reduced to about 200KB or so, and when costs are in mind it's very understandable. Here's an example of what I'm talking about:
http://www.furaffinity.net/view/2161817/

It's not the only example, and I'm not trying to call the artist out or be a dick, but I'm curious: *Is this kind of behavior is costing FA more money to keep the site up and running, or do they have so much bandwidth they don't really care right now?*

If it's not a big deal, cool. Otherwise I thought I'd bring it up.


----------



## Stratelier (Apr 10, 2009)

What is the question?


----------



## krisCrash (Apr 10, 2009)

Hey have you noticed if you edit your file and upload a new, it's not resized again? Or at least it wasn't.

I don't know what Shokuji wants to ask either though, but I wanted to point that out.


----------



## Armaetus (Apr 10, 2009)

That file is over a megabyte...


----------



## Shokuji (Apr 11, 2009)

Stratadrake said:


> What is the question?


 Perhaps the question that was *bolded*? I'll re-ask it (in _italics_ this time):

Setup: FA has a process of purposely reducing the dimension & data size of submissions (to save money on bandwidth, etc).
Question: _Are the people who are bypassing this process (by re-uploading) costing FA more money, or do they not care right now (because perhaps they have bandwidth to burn)?_



krisCrash said:


> I don't know what Shokuji wants to ask either though, but I wanted to point that out.


 I'm curious if people even read my post at all. =/ I even freakin' *bolded* the question! x_x



Glaice said:


> That file is over a megabyte...


 Yep, but really.. should it be? The uploader usually limits file size to around 200KB. Such a massive file increase could be costing FA lots more money (when it happens on lots of submissions from lots of artist). Which was my question.. that no one seemed to read. ~_~;


----------



## Grimfang (Apr 11, 2009)

If you look at the file submission note:
_
# Accepted formats: jpg, gif, png, jpeg
# *Max. file size: 10Mbytes*
# *Max. image dimensions: 1280x1280*
_
Also
_
Note: *Images of larger then the maximum dimensions will be resized* down to the max. limit and converted to JPEG format no matter the original image type, losing the quality of your image.
Even though the image will be transparently resized, it is advised that you resize the image yourself to meet FA's limitations before uploading it to the server._

So you don't have to worry about your stuff being resized as long as you don't exceed said size limits. I can't really say I know the ins and outs of the main site, but you shouldn't have an issue with uploading images over 200kb. >1mb does seem quite hefty for a single image though. I try to cap my own around 300kb. You have that freedom of choice though.


----------



## Shokuji (Apr 11, 2009)

Every time I've ever uploaded anything (a few months ago) it always seemed to reduce the data size to around ~200KB. But now when I'm trying it, as long as I keep it within the 1280 dimensions it's seemingly untouched.

I figured the massive 10MB file size limitation was for people who didn't know how to save images at a reasonable size. Not only would that kind of bandwidth become really expensive for FA, but there are users out there that are on limited/metered internet & 10MB for a single image is a sizable chunk.

Beyond that I couldn't imagine how you would need 10MB for a jpeg or even a png24, in my tests I got a jpeg up to 2MB (not realistic, had to synthetically add textures to make it a higher file size) and that same image as a png24 was only 3MB. 

It just seems like a waste of bandwidth to me, but if that's what's acceptable then I'll leave it alone. All I suggest is that if FA ever goes over their bandwidth limit they should restrict file sizes or something. Maybe introduce an FAQ on how to produce reasonably sized images.


----------



## Grimfang (Apr 11, 2009)

Oh, another thing I just noticed is that those filesize restrictions apply to any type of submission. So the 10mb limit was probably more intended for flash and audio submissions. The less bandwidth-conscious can still use that though, heheh. But again, I don't have anything to do with the main site, so I can't say any of this is necessarily true or what "FA" feels.


----------



## Firehazard (Apr 11, 2009)

I would certainly propose different limits for images than we have for Flash and audio files, but I'm not tech-savvy enough to know what reasonable ones would be (and by reasonable I _don't_ mean like VCL where "if you can possibly make it any smaller, it's too big; also PNGs aren't allowed at all").  Ideally on a sliding scale based on the dimensions.  Even more ideally on a sliding scale that takes into account the people who bypass the dimension limits by re-uploading, because almost everyone who does has a good reason for it.

EDIT: By the way, the file in question did not bypass anything; it is well within the 10MB limit, and from what I know about how file uploading works (you're required to set a byte limit right in the form in order for it to work at all) I'm betting there's no way TO bypass that.


----------



## Shokuji (Apr 12, 2009)

Firehazard said:


> By the way, the file in question did not bypass anything; it is well within the 10MB limit, and from what I know about how file uploading works (you're required to set a byte limit right in the form in order for it to work at all) I'm betting there's no way TO bypass that.


 First, please read the other posts above. What you posted about was addressed. Second, yes you can by 'editing' and then just re-uploading it (completely bypasses the 1280x1280 limitation).


----------



## krisCrash (Apr 12, 2009)

Shokuji said:


> I'm curious if people even read my post at all. =/ I even freakin' *bolded* the question! x_x



I read it several times, and again now, and it totally isn't what I read from it. Sorry but the wording was just not clear x_x



> Is this kind of behavior is costing FA more money to keep the site up and running, or do they have so much bandwidth they don't really care right now?


the only "behaviour" in your post is FA resizing images, so it comes off as "is it tough for FA to have to resize all those files?" or something similar.

You didn't say anything about reuploading, originally.


----------



## Firehazard (Apr 12, 2009)

Shokuji said:


> Second, yes you can by 'editing' and then just re-uploading it (completely bypasses the 1280x1280 limitation).



Um, wouldn't be so eager to complain about people not reading carefully if I were you ... I clearly said "10MB limit", not "1280 pixel limit".  To reiterate, this picture does not exceed either one, and no file over 10MB can ever be submitted to FurAffinity, even by cheating the system, due to how the code works OK, I just went in and looked at the HTML... apparently the 10MB limit _isn't_ hard-coded into the page, so ... what the crap?  According to both the tutorial I read and my own trial-and-error testing, there needs to be an <input type="hidden"> tag that defines the maximum filesize or the upload won't work!  Maybe Yak can shed some light on this?

I'm still guessing the 10MB limit is in the PHP code for editing what files are uploaded, though, since it's been around since the beginning whereas the 1280 thing was added fairly recently.

As for those who _do_ cheat the system, I'd reckon they all have a good reason for it.  The limits are mostly there to stop people who _needlessly_ upload humongous files, either because they don't know how to use the basic resizing features in their software or because they're just lazy.  In a perfect world, there would be a much higher limit to image dimensions, with the rule that people who abuse it can have their submissions forceably resized or deleted, and repeat offenders can be disciplined as seen fit.  As for now, I would like to know what the administration's position is on them.  For what it's worth, there's nothing in the ToS, SA, or AUP about these limits, suggesting to me that if someone does exploit this bug, it would not currently be within the admins' right to remove or edit it.  So far I haven't seen any examples that _are_ blatant abuse, but sooner or later I'm sure it's bound to happen.


----------



## SnowFox (Apr 12, 2009)

Firehazard said:


> OK, I just went in and looked at the HTML... apparently the 10MB limit _isn't_ hard-coded into the page, so ... what the crap?  According to both the tutorial I read and my own trial-and-error testing, there needs to be an <input type="hidden"> tag that defines the maximum filesize or the upload won't work!  Maybe Yak can shed some light on this?



That wouldn't be the best way to limit the file size since anything on the page could be edited and anything can be submitted to the upload script. The limit would probably be defined in the script itself where no one can bypass it, or maybe even set in the php.ini settings.


----------



## Firehazard (Apr 12, 2009)

SnowFox said:


> That wouldn't be the best way to limit the file size since anything on the page could be edited and anything can be submitted to the upload script. The limit would probably be defined in the script itself where no one can bypass it, or maybe even set in the php.ini settings.


What I meant was, according to my research, leaving off that tag is supposed to make the upload fail completely (and did, when I tried it myself).  But whatever.  A lot of software design stuff seems to be "well, I don't know why this combination of things worked for me, but it did so I won't question it and move on."


----------



## Runefox (Apr 14, 2009)

The limitation is 10MB for any file type (including Flash or audio), and if it's an image, if either width or height is beyond 1280 pixels in size, it will automatically resize the image and re-encode it to a lower quality setting. This is why the warning exists on the submission page to ensure that the file is below 1280x1280. The file at http://www.furaffinity.net/view/2161817/ is 1024x769, and well within both the 10MB size limit and 1280x1280 dimension limit. Ergo, nothing was done wrong here. I'm a rather bad culprit of this - My latest submission is a 24-bit PNG resized so that the largest dimension is exactly 1280, for a file size of 944KB. However, it is entirely within the scope of the rules.

In other words, when it does the resize, it will resize with a lower quality level than the original, resulting in a file size around 200KB. If it doesn't do the resize, then it will accept the file as-is, as long as it fits within the size guidelines.



> What I meant was, according to my research, leaving off that tag is supposed to make the upload fail completely (and did, when I tried it myself). But whatever. A lot of software design stuff seems to be "well, I don't know why this combination of things worked for me, but it did so I won't question it and move on."


There really isn't an upload "tag" in HTML that would allow for that - Actually, HTML doesn't even handle uploads at all. This is handled by PHP/Perl/Python/Ruby/Scripting Language Flavour Of the Month, which is invisible to the user (like you and me) altogether. All we see is the end result of what those scripts have done.


----------



## Firehazard (Apr 14, 2009)

Firehazard said:


> So far I haven't seen any examples that _are_ blatant abuse, but sooner or later I'm sure it's bound to happen.


Oh, look, it happened sooner than I thought.  Clearly we do need some kind of ruling on this, preferably one that doesn't penalize everyone who exceeds the 1280 limits since, as I said before, there _are_ perfectly valid reasons for doing so.



Runefox said:


> There really isn't an upload "tag" in HTML that would allow for that...


From http://www.php.net/manual/en/features.file-upload.post-method.php:


> <!-- MAX_FILE_SIZE must precede the file input field -->
> <input type="hidden" name="MAX_FILE_SIZE" value="30000" />


And so on.  My script errored out until I added that line to the form, is what I had been saying.


----------



## Runefox (Apr 14, 2009)

That's not standard HTML for anything in particular, and the markup does nothing to handle the upload or even the upload's max file size; that's a hidden input form that passes a variable on to the script on POST. In fact, that doesn't even technically _do_ anything.



> The MAX_FILE_SIZE hidden field (measured in bytes) must precede the file input field, and its value is the maximum filesize accepted by PHP. Fooling this setting on the browser side is quite easy, so never rely on files with a greater size being blocked by this feature. The PHP settings for maximum-size, however, cannot be fooled. *This form element should always be used as it saves users the trouble of waiting for a big file being transferred only to find that it was too big and the transfer failed.*



So in other words, the maximum file size limit is still what it always was, but instead of making the user wait if the file is larger than is allowed, it immediately says so. I'm fairly certain that it actually isn't really necessary. Whatever script you were using must have relied on a value for whatever reason (to check for browser-based limit check bypassing?). The real upload size limit sits in, in this case, the php.ini for PHP, and this HTML code really does nothing but cause a browser-based abort if the file size is higher than that value.


----------



## krisCrash (Apr 15, 2009)

isn't it just a matter of the same size checker working for the first upload, also working for editing?
We can clearly see it actually works for the first upload, after all.



> as I said before, there are perfectly valid reasons for doing so.


Except this is true, for long/wide images, an option is to limit the total amount of pixels


----------



## Firehazard (Apr 15, 2009)

krisCrash said:


> Except this is true, for long/wide images, an option is to limit the total amount of pixels


That would probably do it for most cases.  It would also cut down on people making things (comics and memes especially) 1280p wide, forcing users to scroll right, just so they can cram it all in the available space.

My solution would be something like this: Add something to the Submission Agreement that images over a certain size can be removed on the grounds of submitting "needlessly large images", or something.  Then when you've uploaded the image, it checks the dimensions (number of pixels, ideally), and if it's over a certain size, it alerts you to this and asks whether you want it rescaled or not, with a reminder that needlessly large images can be reported as a violation.

This is all in conjunction with the automated Report system that we've been discussing lately.  Images over the limit will have "needlessly large image" as one of the abuses you can report a submission for.  As with any reported offense, mods can then review the image and, if necessary, deliberate, and then either have the submission removed for abuse or lock it as a non-violation.


----------

