on ERPnext
If you use " image data URI " instead of " image URL " on user image By mistake
the user can not login and this user will not be in the List for the User
if you search for hem by anther user
and if you try to login it will show
"
**Sorry! ** We will be back soon.
Don’t panic. It’s not you, it’s us.
Most likely, our engineers are updating the code, and it should take a minute for the new code to load into memory.
did it and broke the site
Sorry!
We will be back soon.
Don’t panic. It’s not you, it’s us.
Most likely, our engineers are updating the code, and it should take a minute for the new code to load into memory.
you copy the uri and past it in profile picture for the user … the system will break
try this image ( erpnext logo )
data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+CjxzdmcKICAgeG1sbnM6ZGM9Imh0dHA6Ly9wdXJsLm9yZy9kYy9lbGVtZW50cy8xLjEvIgogICB4bWxuczpjYz0iaHR0cDovL2NyZWF0aXZlY29tbW9ucy5vcmcvbnMjIgogICB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiCiAgIHhtbG5zOnN2Zz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciCiAgIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIKICAgaWQ9InN2ZzUyNzEiCiAgIHZlcnNpb249IjEuMSIKICAgdmlld0JveD0iMCAwIDg3LjMxMjUzMSA4Ny4zMTI1MTUiCiAgIGhlaWdodD0iMzMwLjAwMDA2IgogICB3aWR0aD0iMzMwLjAwMDEyIj4KICA8ZGVmcwogICAgIGlkPSJkZWZzNTI2NSIgLz4KICA8bWV0YWRhdGEKICAgICBpZD0ibWV0YWRhdGE1MjY4Ij4KICAgIDxyZGY6UkRGPgogICAgICA8Y2M6V29yawogICAgICAgICByZGY6YWJvdXQ9IiI+CiAgICAgICAgPGRjOmZvcm1hdD5pbWFnZS9zdmcreG1sPC9kYzpmb3JtYXQ+CiAgICAgICAgPGRjOnR5cGUKICAgICAgICAgICByZGY6cmVzb3VyY2U9Imh0dHA6Ly9wdXJsLm9yZy9kYy9kY21pdHlwZS9TdGlsbEltYWdlIiAvPgogICAgICAgIDxkYzp0aXRsZT48L2RjOnRpdGxlPgogICAgICAgIDxjYzpsaWNlbnNlCiAgICAgICAgICAgcmRmOnJlc291cmNlPSJodHRwOi8vY3JlYXRpdmVjb21tb25zLm9yZy9saWNlbnNlcy9ieS1zYS80LjAvIiAvPgogICAgICA8L2NjOldvcms+CiAgICAgIDxjYzpMaWNlbnNlCiAgICAgICAgIHJkZjphYm91dD0iaHR0cDovL2NyZWF0aXZlY29tbW9ucy5vcmcvbGljZW5zZXMvYnktc2EvNC4wLyI+CiAgICAgICAgPGNjOnBlcm1pdHMKICAgICAgICAgICByZGY6cmVzb3VyY2U9Imh0dHA6Ly9jcmVhdGl2ZWNvbW1vbnMub3JnL25zI1JlcHJvZHVjdGlvbiIgLz4KICAgICAgICA8Y2M6cGVybWl0cwogICAgICAgICAgIHJkZjpyZXNvdXJjZT0iaHR0cDovL2NyZWF0aXZlY29tbW9ucy5vcmcvbnMjRGlzdHJpYnV0aW9uIiAvPgogICAgICAgIDxjYzpyZXF1aXJlcwogICAgICAgICAgIHJkZjpyZXNvdXJjZT0iaHR0cDovL2NyZWF0aXZlY29tbW9ucy5vcmcvbnMjTm90aWNlIiAvPgogICAgICAgIDxjYzpyZXF1aXJlcwogICAgICAgICAgIHJkZjpyZXNvdXJjZT0iaHR0cDovL2NyZWF0aXZlY29tbW9ucy5vcmcvbnMjQXR0cmlidXRpb24iIC8+CiAgICAgICAgPGNjOnBlcm1pdHMKICAgICAgICAgICByZGY6cmVzb3VyY2U9Imh0dHA6Ly9jcmVhdGl2ZWNvbW1vbnMub3JnL25zI0Rlcml2YXRpdmVXb3JrcyIgLz4KICAgICAgICA8Y2M6cmVxdWlyZXMKICAgICAgICAgICByZGY6cmVzb3VyY2U9Imh0dHA6Ly9jcmVhdGl2ZWNvbW1vbnMub3JnL25zI1NoYXJlQWxpa2UiIC8+CiAgICAgIDwvY2M6TGljZW5zZT4KICAgIDwvcmRmOlJERj4KICA8L21ldGFkYXRhPgogIDxnCiAgICAgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTUwLjA4MTgzOSwtMTA1LjkzMzAzKSIKICAgICBpZD0ibGF5ZXIxIj4KICAgIDxnCiAgICAgICB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMTU5Ni4wODI3LC00NjMuNDIwNzYpIgogICAgICAgaWQ9ImcxNDQ2LTQtNSI+CiAgICAgIDxnCiAgICAgICAgIHN0eWxlPSJzdHJva2Utd2lkdGg6MS4wMDAwMDA2IgogICAgICAgICB0cmFuc2Zvcm09Im1hdHJpeCgwLjk5OTk5ODksMCwwLDAuOTk5OTk5ODEsMjc5LjE5MTY3LDQzOC43ODI2KSIKICAgICAgICAgaWQ9ImcxNDIyLTctMiI+CiAgICAgICAgPGcKICAgICAgICAgICBzdHlsZT0ic3Ryb2tlLXdpZHRoOjEuMDAwMDAwNiIKICAgICAgICAgICBpZD0iZzE0MTgtNC02IgogICAgICAgICAgIHRyYW5zZm9ybT0idHJhbnNsYXRlKC0yNS43MzEwMDIsLTAuMTMyMjYzNikiPgogICAgICAgICAgPGcKICAgICAgICAgICAgIHN0eWxlPSJzdHJva2Utd2lkdGg6MS4wMDAwMDA2IgogICAgICAgICAgICAgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTk1LjI1MDAwMikiCiAgICAgICAgICAgICBpZD0iZzE0MTYtNC05Ij4KICAgICAgICAgICAgPHBhdGgKICAgICAgICAgICAgICAgc3R5bGU9Im9wYWNpdHk6MTt2ZWN0b3ItZWZmZWN0Om5vbmU7ZmlsbDojNzU3NGZmO2ZpbGwtb3BhY2l0eToxO3N0cm9rZTpub25lO3N0cm9rZS13aWR0aDozLjk2ODc1MjYyO3N0cm9rZS1saW5lY2FwOmJ1dHQ7c3Ryb2tlLWxpbmVqb2luOm1pdGVyO3N0cm9rZS1taXRlcmxpbWl0OjQ7c3Ryb2tlLWRhc2hhcnJheTpub25lO3N0cm9rZS1kYXNob2Zmc2V0OjA7c3Ryb2tlLW9wYWNpdHk6MTtwYWludC1vcmRlcjpub3JtYWwiCiAgICAgICAgICAgICAgIGQ9Im0gMTUwMS4xODQ2LDEzMC43MDM0OCBoIDYwLjg1NDIgYyA3LjMyOSwwIDEzLjIyOTIsNS45MDAyIDEzLjIyOTIsMTMuMjI5MTYgdiA2MC44NTQxOSBjIDAsNy4zMjg5NiAtNS45MDAyLDEzLjIyOTE3IC0xMy4yMjkyLDEzLjIyOTE3IGggLTYwLjg1NDIgYyAtNy4zMjg5LDAgLTEzLjIyOTIsLTUuOTAwMjEgLTEzLjIyOTIsLTEzLjIyOTE3IHYgLTYwLjg1NDE5IGMgMCwtNy4zMjg5NiA1LjkwMDMsLTEzLjIyOTE2IDEzLjIyOTIsLTEzLjIyOTE2IHoiCiAgICAgICAgICAgICAgIGlkPSJwYXRoMTQxNC0zLTQiIC8+CiAgICAgICAgICA8L2c+CiAgICAgICAgPC9nPgogICAgICAgIDxnCiAgICAgICAgICAgaWQ9ImcxNDIwLTAtNCIKICAgICAgICAgICB0cmFuc2Zvcm09Im1hdHJpeCgxLjAxMzE0NzIsMCwwLDEuMDEzMTQ3MiwtMTQ0LjAxMzQ5LC0yLjI5MDU5MzgpIgogICAgICAgICAgIHN0eWxlPSJzdHJva2Utd2lkdGg6MC45ODcwMjQyNSIgLz4KICAgICAgPC9nPgogICAgICA8cGF0aAogICAgICAgICBpZD0iY2lyY2xlMTQyNC03LTYiCiAgICAgICAgIHRyYW5zZm9ybT0ibWF0cml4KDAuMjY0NTgzMzMsMCwwLDAuMjY0NTgzMzMsMTY0Ni4xNjQ1LDU2OS4zNTM3OSkiCiAgICAgICAgIGQ9Ik0gMTY0LjkyNTc4IDIyOC4wMDk3NyBBIDQxMi42MDQ1MyA0MTIuNjA0NTMgMCAwIDAgMCAyNjIuOTQ5MjIgTCAwIDI4MCBDIDAgMzA3LjcwMDAxIDIyLjMwMDIyIDMzMCA1MCAzMzAgTCAyODAgMzMwIEMgMzA3LjY5OTc4IDMzMCAzMzAgMzA3LjcwMDAxIDMzMCAyODAgTCAzMzAgMjYyLjcwNTA4IEEgNDEyLjYwNDUzIDQxMi42MDQ1MyAwIDAgMCAxNjQuOTI1NzggMjI4LjAwOTc3IHogIgogICAgICAgICBjbGlwLXBhdGg9Im5vbmUiCiAgICAgICAgIHN0eWxlPSJvcGFjaXR5OjE7dmVjdG9yLWVmZmVjdDpub25lO2ZpbGw6IzY1NjRmOTtmaWxsLW9wYWNpdHk6MTtzdHJva2U6bm9uZTtzdHJva2Utd2lkdGg6MTU7c3Ryb2tlLWxpbmVjYXA6YnV0dDtzdHJva2UtbGluZWpvaW46bWl0ZXI7c3Ryb2tlLW1pdGVybGltaXQ6NDtzdHJva2UtZGFzaGFycmF5Om5vbmU7c3Ryb2tlLWRhc2hvZmZzZXQ6MDtzdHJva2Utb3BhY2l0eToxO3BhaW50LW9yZGVyOm5vcm1hbCIgLz4KICAgICAgPGcKICAgICAgICAgc3R5bGU9ImZpbGw6IzRhMTVjNjtmaWxsLW9wYWNpdHk6MSIKICAgICAgICAgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMi44MTQ0NTIzLDAuODQ3ODQyNTkpIgogICAgICAgICBpZD0iZzE0MzQtOC0wIiAvPgogICAgICA8ZwogICAgICAgICBpZD0iZzE0NDQtNi03IgogICAgICAgICB0cmFuc2Zvcm09InRyYW5zbGF0ZSgzLjg3Mjc4NTcsLTAuMzI1MjQ5NTIpIj4KICAgICAgICA8cGF0aAogICAgICAgICAgIHN0eWxlPSJvcGFjaXR5OjE7dmVjdG9yLWVmZmVjdDpub25lO2ZpbGw6I2ZmZmZmZjtmaWxsLW9wYWNpdHk6MTtzdHJva2U6bm9uZTtzdHJva2Utd2lkdGg6MTU7c3Ryb2tlLWxpbmVjYXA6YnV0dDtzdHJva2UtbGluZWpvaW46bWl0ZXI7c3Ryb2tlLW1pdGVybGltaXQ6NDtzdHJva2UtZGFzaGFycmF5Om5vbmU7c3Ryb2tlLWRhc2hvZmZzZXQ6MDtzdHJva2Utb3BhY2l0eToxO3BhaW50LW9yZGVyOm5vcm1hbCIKICAgICAgICAgICBkPSJtIDM3MzguOTQ3Myw5NTEuNzg1MTYgYyAtMS4wMzg4LDAgLTIuMDUxMSwwLjEwNTUyIC0zLjAyOTMsMC4zMDQ2OCAtMC45NzgzLDAuMTk5MTYgLTEuOTIyNSwwLjQ5MjU4IC0yLjgyMDMsMC44NzExIC0wLjQ0OSwwLjE4OTI2IC0wLjg4NTQsMC40MDA0NyAtMS4zMTA2LDAuNjMwODYgLTAuODUwMywwLjQ2MDc2IC0xLjY1MDQsMS4wMDA5MSAtMi4zOTA2LDEuNjExMzIgLTMuMzMxMiwyLjc0Njg3IC01LjQ0OTIsNi45MDc2NiAtNS40NDkyLDExLjU4MjA0IHYgMC45MTQwNiAxMzMuMTczNzggMC45MTIyIGMgMCw4LjMxIDYuNjksMTUgMTUsMTUgaCAxMDQuOTA4MiBjIDguMzEsMCAxNSwtNi42OSAxNSwtMTUgdiAtMC45MTIyIGMgMCwtOC4zMSAtNi42OSwtMTUgLTE1LC0xNSBoIC04OC45OTQyIHYgLTM3LjM2MTMgaCA2Ni4xNjk5IGMgOC4zMSwwIDE1LC02LjY5IDE1LC0xNSB2IC0wLjkxMjEgYyAwLC04LjMxIC02LjY5LC0xNSAtMTUsLTE1IGggLTY2LjE2OTkgdiAtMzQuOTAwMzggaCA4OC45OTQyIGMgOC4zMSwwIDE1LC02LjY5IDE1LC0xNSB2IC0wLjkxNDA2IGMgMCwtOC4zMSAtNi42OSwtMTUgLTE1LC0xNSB6IgogICAgICAgICAgIHRyYW5zZm9ybT0ibWF0cml4KDAuMjY0NTgzMzQsMCwwLDAuMjY0NTgzMzQsNjgyLjgwNjI2LDMzOS42ODA1MSkiCiAgICAgICAgICAgaWQ9InJlY3QxNDM2LTgtNCIgLz4KICAgICAgPC9nPgogICAgPC9nPgogIDwvZz4KPC9zdmc+Cg==
Okay shit this is serious. I’ve traced, exists on the latest and production too. I had my site go down too. @codingCoffee states this only exists in terms of produciton
I just recovered from my crash by updating the user image within console.
Diagnosed the issue. Here’s what happens. data URI ends up being more in terms of memory. This is retrieved during initial login when you’re expecting a cookie. Cookie data is of limited characters and hence this gets truncated, thereby Login Failure. The fix is simple, maybe have a User Image validation check that’s all. Will dispatch the fix tomorrow at the earliest.
Meanwhile to unbrick your site simply
$ bench --site SITE_NAME mariadb
sitename> UPDATE `tabUser` SET user_image = "" WHERE name in ('example@gmail.com')
You’d need a more complex query if you want to retrieve your previous user image (via the Version DocType, but meh.)
Should fix your site. Thanks for noticing and trying this out. This issue potentially could propagate vulnerability and site down for many sites.