makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-09 04:48:53 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/10038] Use request_var() in the avatar code path of download/file.php

Browse source 
There is no reason not to use request_var() here because it is available anyway
since 3afd2c6948.

This change especially prevents submitting an array which might then throw an
error in one of the string functions substr() or strpos() later on.

PHPBB3-10038
This commit is contained in:
Andreas Fischer 2011-02-12 19:12:51 +01:00
parent 0588ba25cb
commit 23d2798b6d
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/download/file.php
View file

@ -64,7 +64,7 @@ if (isset($_GET['avatar']))
$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0'; $browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';
$config = $cache->obtain_config(); $config = $cache->obtain_config();
$filename = $_GET['avatar']; $filename = request_var('avatar', '');
$avatar_group = false; $avatar_group = false;
$exit = false; $exit = false;