author | Henry Sudhof <kellanved@phpbb.com> | 2007-09-15 13:27:06 +0000 |
committer | Henry Sudhof <kellanved@phpbb.com> | 2007-09-15 13:27:06 +0000 |
commit | 36e99af959799eab6610fc6f3ca0e2c76ba4020f (patch) | |
tree | 6c007e9bb7861f21e1a8cdab7c04992f548c00c7 /phpBB | |
parent | 09f6cf11dd16893eea6836175773454a382f04df (diff) | |
#14466
git-svn-id: file:///svn/phpbb/trunk@8091 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/docs/CHANGELOG.html | 1 | ||||
-rw-r--r-- | phpBB/includes/functions_user.php | 4 |
2 files changed, 3 insertions, 2 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 16082c203c..f2f6f56698 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -209,6 +209,7 @@ p a {
 <li>[Change] Reset the start parameter when the timeframe is changed in the mcp topic page (Ticket #14438)</li>
 <li>[Change] Added Code for cleaning the confirm table to the session garbage collection</li>
 <li>[Fix] Fixed token handling in jabber class for extremely spec-compilant XMPP server (Bug #14445)</li>
+ <li>[Fix] Disallowed galleries from using special characters (Bug #14466)</li>
 </ul>
 </div>
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index fed783e880..86113899c7 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1975,14 +1975,14 @@ function avatar_gallery($category, $avatar_select, $items_per_column, $block_var
 while (($file = readdir($dp)) !== false)
 {
- if ($file[0] != '.' && is_dir("$path/$file"))
+ if ($file[0] != '.' && preg_match('#^[^&"\'<>]+$#i', $file) && is_dir("$path/$file"))
 {
 $avatar_row_count = $avatar_col_count = 0;
 $dp2 = @opendir("$path/$file");
 while (($sub_file = readdir($dp2)) !== false)
 {
- if (preg_match('#^[^&"<>]*\.(?:gif|png|jpe?g)$#i', $sub_file))
+ if (preg_match('#^[^&\'"<>]+\.(?:gif|png|jpe?g)$#i', $sub_file))
 {
 $avatar_list[$file][$avatar_row_count][$avatar_col_count] = array(
 'file' => "$file/$sub_file", |
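Review bot: The new gallery-directory check on the `+ if ($file[0] != '.' && preg_match('#^[^&"\'<>]+$#i', $file) ...` line is a denylist of five HTML-significant characters, so every other byte readdir() can return (whitespace, backslash, `%`, control characters) still reaches `'file' => "$file/$sub_file"` unfiltered, and the second changed line keeps the same denylist shape for `$sub_file`; an allowlist that states what a gallery or avatar name may contain, e.g. `preg_match('#^[a-z0-9_ .-]+$#i', $file)` and `preg_match('#^[a-z0-9_ .-]+\.(?:gif|png|jpe?g)$#i', $sub_file)`, is easier to reason about than enumerating characters that must not appear. The `i` modifier on the directory pattern is a no-op because the class contains no letters, so it reads as if case mattered when it does not. Since the filter presumably exists because these names end up in HTML, a one-line why-comment such as `// Skip gallery directories whose names could not be emitted safely into the avatar select markup` would tell the next reader why a directory is silently dropped, and whatever emits `$avatar_list` should still escape the names rather than rely on this filter alone — that output code is outside the hunk and I cannot confirm it. The enclosing avatar_gallery() body starts before the hunk and continues past it.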