| author | Marc Alexander <admin@m-a-styles.de> | 2013-11-23 00:54:40 +0100 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2013-11-23 00:54:56 +0100 |
| commit | 943ab555da799fd94b221d5cd0a82fce568de042 (patch) | |
| tree | 613e88d68c78b7680a8e5b3654c52552c7a2598a /phpBB/phpbb/avatar/driver/remote.php | |
| parent | e108418824857e670a92f516285455f79bf6e12a (diff) | |
| parent | 0d0b2627f723c3003af0ea301511a972008e7734 (diff) | |
Merge branch 'develop' of https://github.com/phpbb/phpbb3 into ticket/11912
Conflicts:
phpBB/config/services.yml
Diffstat (limited to 'phpBB/phpbb/avatar/driver/remote.php')
| -rw-r--r-- | phpBB/phpbb/avatar/driver/remote.php | 39 |
1 files changed, 31 insertions, 8 deletions
diff --git a/phpBB/phpbb/avatar/driver/remote.php b/phpBB/phpbb/avatar/driver/remote.php
index 1aa638dfe5..22d50c703e 100644
--- a/phpBB/phpbb/avatar/driver/remote.php
+++ b/phpBB/phpbb/avatar/driver/remote.php
@@ -10,14 +10,6 @@ namespace phpbb\avatar\driver;
 /**
-* @ignore
-*/
-if (!defined('IN_PHPBB'))
-{
- exit;
-}
-
-/**
 * Handles avatars hosted remotely
 * @package phpBB3
 */
@@ -125,6 +117,37 @@ class remote extends \phpbb\avatar\driver\driver
 $types = \fileupload::image_types();
 $extension = strtolower(\filespec::get_extension($url));
+ // Check if this is actually an image
+ if ($file_stream = @fopen($url, 'r'))
+ {
+ // Timeout after 1 second
+ stream_set_timeout($file_stream, 1);
+ $meta = stream_get_meta_data($file_stream);
+ foreach ($meta['wrapper_data'] as $header)
+ {
+ $header = preg_split('/ /', $header, 2);
+ if (strtr(strtolower(trim($header[0], ':')), '_', '-') === 'content-type')
+ {
+ if (strpos($header[1], 'image/') !== 0)
+ {
+ $error[] = 'AVATAR_URL_INVALID';
+ fclose($file_stream);
+ return false;
+ }
+ else
+ {
+ fclose($file_stream);
+ break;
+ }
+ }
+ }
+ }
+ else
+ {
+ $error[] = 'AVATAR_URL_INVALID';
+ return false;
+ }
+
 if (!empty($image_data) && (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]])))
 {
 if (!isset($types[$image_data[2]]))
|
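Review bot: In the new `fopen()` block of the second hunk, `fclose($file_stream)` is only reached inside the `content-type` branch, so a response that carries no Content-Type header leaves the stream open and passes the check unverified. `stream_set_timeout()` is called after `fopen()` has already connected and read the response headers, so the 1-second limit does not bound the part that can actually stall; an `http` context `timeout` passed to `fopen()` would. Because the board itself now fetches a user-supplied URL, this call is also a server-side request surface: whether `$url` is restricted to http(s) and to public hosts before this point is not visible here (the method starts and ends outside the hunk) and should be confirmed. The sketch below closes the stream on every path, rejects a missing or non-image Content-Type, and judges the last Content-Type seen so a redirect hop's header is not the one evaluated; the header is still only the remote server's claim, so the existing extension and image-type checks must remain.

```php
// … unchanged: $types / $extension lookup …
// Bound the connect and header read, not only later reads
$context = stream_context_create(array('http' => array('timeout' => 1)));
if (!($file_stream = @fopen($url, 'r', false, $context)))
{
	$error[] = 'AVATAR_URL_INVALID';
	return false;
}
$meta = stream_get_meta_data($file_stream);
// Headers are already captured in $meta; close on every path
fclose($file_stream);

$is_image = false;
foreach ($meta['wrapper_data'] as $header)
{
	$header = preg_split('/ /', $header, 2);
	if (isset($header[1]) && strtr(strtolower(trim($header[0], ':')), '_', '-') === 'content-type')
	{
		// Later hops overwrite earlier ones; MIME types are case-insensitive
		$is_image = (stripos($header[1], 'image/') === 0);
	}
}
if (!$is_image)
{
	$error[] = 'AVATAR_URL_INVALID';
	return false;
}
// … unchanged: extension / image type checks …
```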
