makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix for potential security/HTML abuse problem, thanks Silverion

Browse source 
git-svn-id: file:///svn/phpbb/trunk@1205 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2001-10-15 16:00:47 +00:00
parent 7a83d1d233
commit 4e6cff3a80
1 changed files with 10 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
phpBB/profile.php
View file

@ -926,8 +926,17 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{ {
$user_avatar_remoteurl = "http://" . $user_avatar_remoteurl; $user_avatar_remoteurl = "http://" . $user_avatar_remoteurl;
} }
if( preg_match("/^http\:\/\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+\/.*?\.(gif|jpg|png)$/is", $user_avatar_remoteurl) )
{
$avatar_sql = ", user_avatar = '$user_avatar_remoteurl', user_avatar_type = " . USER_AVATAR_REMOTE; $avatar_sql = ", user_avatar = '$user_avatar_remoteurl', user_avatar_type = " . USER_AVATAR_REMOTE;
} }
else
{
$error = true;
$error_msg = (!empty($error_msg)) ? $error_msg . "<br />" . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format'];
}
}
} }
if( $board_config['allow_avatar_local'] && !$error ) if( $board_config['allow_avatar_local'] && !$error )