authorAndreas Fischer <bantu@phpbb.com>2010-10-28 21:41:14 +0200
committerAndreas Fischer <bantu@phpbb.com>2010-10-28 22:00:04 +0200
commitac26bb458f2a2ea60848921826c69bfe03e676db (patch)
tree41f832a2d381d38e4e6316b83baa87bdd93512f0 /phpBB/includes/functions_upload.php
parent6ff403c9f8fd19e5ddf81fdf3e8bb27018b519b9 (diff)
[ticket/9764] Allow $config['mime_triggers'] to be an empty string.
explode('|', '') and explode('|', NULL) both return array(0 => '') which can cause filespec::check_content() to reject everything starting with a '<' character in case $config['mime_triggers'] is an empty string or not set. fileupload::set_disallowed_content() now filters out empty strings by calling array_diff() on the passed array, so setting $config['mime_triggers'] to an empty string will turn off mime checking completely. On the other hand, we want to fail safe if $config['mime_triggers'] is not set at all. To do this, the array fileupload::$disallowed_content now contains some default strings to be filtered out. PHPBB3-9764
Diffstat (limited to 'phpBB/includes/functions_upload.php')
-rw-r--r--phpBB/includes/functions_upload.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index 7f09cc1640..d5bbd80242 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -458,7 +458,7 @@ class fileerror extends filespec
class fileupload
{
var $allowed_extensions = array();
- var $disallowed_content = array();
+ var $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title');
var $max_filesize = 0;
var $min_width = 0;
var $min_height = 0;
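Review bot: The new default on `$disallowed_content` is a security fallback, but nothing at the declaration says so, and a later cleanup could reset it to `array()` and silently turn content checking off whenever the config value is missing. Add a comment above the property, for example `// Fail-safe defaults used when $config['mime_triggers'] is not set; an empty array disables the content check.` The list presumably mirrors the shipped value of `mime_triggers`; that is not visible here, so it is worth confirming the two agree and stating in the comment that they must be kept in sync.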
@@ -539,7 +539,7 @@ class fileupload
{
if ($disallowed_content !== false && is_array($disallowed_content))
{
- $this->disallowed_content = $disallowed_content;
+ $this->disallowed_content = array_diff($disallowed_content, array(''));
}
}
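Review bot: The fail-safe defaults survive only when this setter is skipped or receives `false`; any array, including the `array('')` that `explode('|', NULL)` yields, is now filtered down to an empty array and replaces the defaults. The caller and the method signature are outside the hunk, so confirm the caller tests `isset($config['mime_triggers'])` before exploding, and document the contract on the method: `// Pass false to keep the default triggers; an array with no non-empty entries disables content checking.` `array_diff()` also preserves the original keys, which is harmless if the list is only iterated, but it could be wrapped in `array_values()` if anything indexes it.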