Profile picture uploads through the website are not checked for file size or aspect ratio

[logantgt]

Describe the bug
Profile pictures uploaded through the website are not checked for either file size or aspect ratio, causing potential server storage issues and layout issues. So far I have tested with images of as large as 30MB which is quite unreasonable for a single image.

To Reproduce
Steps to reproduce the behavior:

1. Go to the settings page of any profile you have access to
2. Attempt to upload a profile picture of massive dimensions or a strange aspect ratio
3. Save the profile picture
4. You will get some kind of unexpected behavior; if the page loads after the image is uploaded to the server, you'll see the site cropping the profile picture in some areas and displaying it completely in others.

Expected behavior
The site should have the ability to respond with an error informing the user that their image does not meet certain requirements, like a file size limit or acceptable aspect ratio like 1:1 (or ideally a cropping dialogue would be offered).

Screenshots

Environment Details

• OS: Fedora Workstation 36
• Browser and Version: Firefox (RPM) 106.0.3

[Ezoiar]

OH LOL

[Arcadius2006]

aspect ratio shouldn't be a problem, the game normally squashes or crops the image to fit it into the square/circle

filesize/resolution is a problem

[TorutheRedFox]

aspect ratio shouldn't be a problem, the game normally squashes or crops the image to fit it into the square/circle

filesize/resolution is a problem

lbp2 past a certain patch and lbp3 crop/letterbox (it seems to letterbox if the aspect ratio is past a certain width?), all other games feed the texture as-is making it get squashed

[vilijur]

*** edited by maintainer due to security concern ***

[content removed]

If I may provide a suggestion, it might be a good idea to have the server automatically downscale high resolution images that are too big that it would cause the game to crash. Though that might be harder to implement than having a resolution/file size limit when uploading images.

[sudokoko]

*** edited by maintainer due to security concern ***

[content removed]

If I may provide a suggestion, it might be a good idea to have the server automatically downscale high resolution images that are too big that it would cause the game to crash. Though that might be harder to implement than having a resolution/file size limit when uploading images.

Hey there! I'll be reaching out via DM shortly to discuss the security-related aspect of this comment with you privately. Given the security concern, I have gone ahead and edited your original message to remove reference of the security information.