From: Paul S. O. <ps...@us...> - 2001-10-15 16:00:51
Update of /cvsroot/phpbb/phpBB2
In directory usw-pr-cvs1:/tmp/cvs-serv30879
Modified Files:
profile.php
Log Message:
Fix for potential security/HTML abuse problem, thanks Silverion
Index: profile.php
===================================================================
RCS file: /cvsroot/phpbb/phpBB2/profile.php,v
retrieving revision 1.120
retrieving revision 1.121
diff -C2 -r1.120 -r1.121
*** profile.php 2001/10/14 22:32:38 1.120
--- profile.php 2001/10/15 16:00:47 1.121
***************
*** 927,931 ****
$user_avatar_remoteurl = "http://" . $user_avatar_remoteurl;
}
! $avatar_sql = ", user_avatar = '$user_avatar_remoteurl', user_avatar_type = " . USER_AVATAR_REMOTE;
}
}
--- 927,940 ----
$user_avatar_remoteurl = "http://" . $user_avatar_remoteurl;
}
!
! if( preg_match("/^http\:\/\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+\/.*?\.(gif|jpg|png)$/is", $user_avatar_remoteurl) )
! {
! $avatar_sql = ", user_avatar = '$user_avatar_remoteurl', user_avatar_type = " . USER_AVATAR_REMOTE;
! }
! else
! {
! $error = true;
! $error_msg = (!empty($error_msg)) ? $error_msg . "<br />" . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format'];
! }
}
}
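Review bot: The pattern added on line 29 does not exclude `"`, `<`, `>` or whitespace from the path part — `.*?` under the `s` modifier matches any byte including newlines, and the trailing `$` without `D` also admits a final newline — so a URL that passes the check can still break out of an attribute or tag wherever the avatar is later rendered, which is the abuse the log message says it fixes. The same value is still interpolated unescaped into `$avatar_sql` on line 31; whether it was escaped earlier cannot be seen from this hunk, since the enclosing block starts outside it. A tighter pattern such as `/^http:\/\/[a-z0-9\-]+(\.[a-z0-9\-]+)+\/[^\s"'<>]*?\.(gif|jpg|png)$/iD` closes those gaps and, as a side benefit, accepts hosts with more than three labels, which the current `[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+` rejects. Independently of the regex, the URL should be escaped for the HTML context at output time rather than relying on input validation alone.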