From fefdfcd26377d21fcdedf0b1d42d09ab4f8fbf44 Mon Sep 17 00:00:00 2001
From: the_systech <the_systech@users.sourceforge.net>
Date: Mon, 29 Apr 2002 14:45:07 +0000
Subject: [PATCH] Fix for possible security issues..

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@2545 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/usercp_avatar.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/phpBB/includes/usercp_avatar.php b/phpBB/includes/usercp_avatar.php
index 61544d6eb6..d74622e326 100644
--- a/phpBB/includes/usercp_avatar.php
+++ b/phpBB/includes/usercp_avatar.php
@@ -74,7 +74,7 @@ function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename)
 		$avatar_filename = 'http://' . $avatar_filename;
 	}
 
-	if ( !preg_match('#^(http:\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)*[a-z]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) )
+	if ( !preg_match('#^(http:\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)*[a-z]+(:[0-9]+)*\/[^\"]*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) )
 	{
 		$error = true;
 		$error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format'];
@@ -333,4 +333,4 @@ function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current
 	return;
 }
 
-?>
\ No newline at end of file
+?>