makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-27 21:58:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[feature/avatars] Use array for allowed extensions and implode if needed

Browse source 
PHPBB3-10018
This commit is contained in:
Marc Alexander 2013-02-06 23:47:14 +01:00
parent c56db535b4
commit 5a4da46f9b
4 changed files with 9 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
phpBB/includes/avatar/driver/driver.php
View file

@ -54,7 +54,12 @@ abstract class phpbb_avatar_driver implements phpbb_avatar_driver_interface
/**
* Regex for allowed avatar image extensions
*/
const REGEX_ALLOWED_EXT = 'gif|jpg|jpeg|png';
protected $allowed_extensions = array(
'gif',
'jpg',
'jpeg',
'png',
);
/**
* Construct a driver object

2
phpBB/includes/avatar/driver/local.php
View file

@ -162,7 +162,7 @@ class phpbb_avatar_driver_local extends phpbb_avatar_driver
$image = $file_info->getFilename();
// Match all images in the gallery folder
if (preg_match('#^[^&\'"<>]+\.(?:'. self::REGEX_ALLOWED_EXT . ')$#i', $image) && is_file($file_path . '/' . $image))
if (preg_match('#^[^&\'"<>]+\.(?:' . implode('|', $this->allowed_extensions) . ')$#i', $image) && is_file($file_path . '/' . $image))
{
if (function_exists('getimagesize'))
{

2
phpBB/includes/avatar/driver/remote.php
View file

@ -84,7 +84,7 @@ class phpbb_avatar_driver_remote extends phpbb_avatar_driver
// Check if this url looks alright
// This isn't perfect, but it's what phpBB 3.0 did, and might as well make sure everything is compatible
if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. self::REGEX_ALLOWED_EXT . ')$#i', $url))
if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url))
{
$error[] = 'AVATAR_URL_INVALID';
return false;

2
phpBB/includes/avatar/driver/upload.php
View file

@ -66,7 +66,7 @@ class phpbb_avatar_driver_upload extends phpbb_avatar_driver
include($this->phpbb_root_path . 'includes/functions_upload' . $this->php_ext);
}
$upload = new fileupload('AVATAR_', explode('|', self::REGEX_ALLOWED_EXT), $this->config['avatar_filesize'], $this->config['avatar_min_width'], $this->config['avatar_min_height'], $this->config['avatar_max_width'], $this->config['avatar_max_height'], (isset($this->config['mime_triggers']) ? explode('|', $this->config['mime_triggers']) : false));
$upload = new fileupload('AVATAR_', $this->allowed_extensions, $this->config['avatar_filesize'], $this->config['avatar_min_width'], $this->config['avatar_min_height'], $this->config['avatar_max_width'], $this->config['avatar_max_height'], (isset($this->config['mime_triggers']) ? explode('|', $this->config['mime_triggers']) : false));
$url = $request->variable('avatar_upload_url', '');
$upload_file = $request->file('avatar_upload_file');