From 9d5befd6dafb40cbf700988eec039ba944c34c21 Mon Sep 17 00:00:00 2001
From: dougk_ff7 <dougk_ff7@users.sourceforge.net>
Date: Mon, 8 Jul 2002 15:22:24 +0000
Subject: [PATCH] One last security bug by Ludovic Arnaud has been fixed...
 Forgot about it last night... --Doug

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@2659 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/usercp_register.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/phpBB/includes/usercp_register.php b/phpBB/includes/usercp_register.php
index fa6b93a62b..85ec4b6d38 100644
--- a/phpBB/includes/usercp_register.php
+++ b/phpBB/includes/usercp_register.php
@@ -174,7 +174,7 @@ if (
 	$user_avatar = ( empty($user_avatar_loc) && $mode == 'editprofile' ) ? $userdata['user_avatar'] : '';
 	$user_avatar_type = ( empty($user_avatar_loc) && $mode == 'editprofile' ) ? $userdata['user_avatar_type'] : '';
 
-	if ( isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar']) )
+	if ( (isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar'])) && (!isset($HTTP_POST_VARS['submit'])) )
 	{
 		$username = stripslashes($username);
 		$email = stripslashes($email);