diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2010-10-28 21:41:14 +0200 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2010-10-28 22:00:04 +0200 |
| commit | ac26bb458f2a2ea60848921826c69bfe03e676db (patch) | |
| tree | 41f832a2d381d38e4e6316b83baa87bdd93512f0 /phpBB/includes/functions_user.php | |
| parent | 6ff403c9f8fd19e5ddf81fdf3e8bb27018b519b9 (diff) | |
| download | forums-ac26bb458f2a2ea60848921826c69bfe03e676db.tar forums-ac26bb458f2a2ea60848921826c69bfe03e676db.tar.gz forums-ac26bb458f2a2ea60848921826c69bfe03e676db.tar.bz2 forums-ac26bb458f2a2ea60848921826c69bfe03e676db.tar.xz forums-ac26bb458f2a2ea60848921826c69bfe03e676db.zip | |
[ticket/9764] Allow $config['mime_triggers'] to be an empty string.
explode('|', '') and explode('|', NULL) both return array(0 => '') which can
cause filespec::check_content() to reject everything starting with a '<'
character in case $config['mime_triggers'] is an empty string or not set.
fileupload::set_disallowed_content() now filters out empty strings by calling
array_diff() on the passed array, so setting $config['mime_triggers'] to an
empty string will turn off mime checking completely.
On the other side we want to fail safe if $config['mime_triggers'] is not set
at all. To do this, the array fileupload::$disallowed_content now contains some
default strings to be filtered out.
PHPBB3-9764
Diffstat (limited to 'phpBB/includes/functions_user.php')
| -rw-r--r-- | phpBB/includes/functions_user.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index f2c80705ba..90341cd926 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -2080,7 +2080,7 @@ function avatar_upload($data, &$error) // Init upload class include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx); - $upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('|', $config['mime_triggers'])); + $upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], (isset($config['mime_triggers']) ? explode('|', $config['mime_triggers']) : false)); if (!empty($_FILES['uploadfile']['name'])) { |