-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | phpBB/includes/message_parser.php | 2 | ||||
-rw-r--r-- | phpBB/web.config | 27 |
3 files changed, 30 insertions, 1 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000..3e0f454e0c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+phpBB/cache/*.php
+*~
\ No newline at end of file
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 50aad8588a..952b55cc8c 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -300,7 +300,7 @@ class bbcode_firstpass extends bbcode
 if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
 {
- $stats = @getimagesize($in);
+ $stats = @getimagesize(htmlspecialchars_decode($in));
 if ($stats === false)
 {
diff --git a/phpBB/web.config b/phpBB/web.config
new file mode 100644
index 0000000000..128fe3c98f
--- /dev/null
+++ b/phpBB/web.config
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ <system.webServer>
+ <security>
+ <requestFiltering>
+ <hiddenSegments>
+ <add segment="cache" />
+ <add segment="files" />
+ <add segment="store" />
+ <add segment="config.php" />
+ <add segment="common.php" />
+ </hiddenSegments>
+ </requestFiltering>
+ </security>
+ </system.webServer>
+ <location path="images/avatars">
+ <system.webServer>
+ <security>
+ <requestFiltering>
+ <hiddenSegments>
+ <add segment="upload" />
+ </hiddenSegments>
+ </requestFiltering>
+ </security>
+ </system.webServer>
+ </location>
+</configuration> |
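Review bot: The `getimagesize(htmlspecialchars_decode($in))` call has no comment saying why the URL is decoded only at this point, so a later cleanup could decode `$in` itself and put raw `&`, `<`, `>` and `"` back into the value that is stored and rendered. A comment above the call would pin this down, for example `// $in is presumably HTML-escaped on input; decode it only for the remote fetch, never for storage or output`. Because this call makes the server request a user-supplied URL, any scheme or host checks performed earlier on the escaped `$in` should be confirmed to hold for the decoded string as well, ideally by decoding once into a local and validating and fetching that same value. Those checks and the rest of the enclosing method lie outside the hunk, so this could not be verified here.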
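Review bot: The new `web.config` has no comment explaining what the `hiddenSegments` entries protect or which other per-directory deny rules they presumably mirror, so the lists can drift apart unnoticed when a protected directory is added or renamed. An XML comment after the declaration would make the intent explicit, for example `<!-- Keep in sync with the per-directory deny rules: cache, files, store and images/avatars/upload must never be served directly -->`. Note that `hiddenSegments` matches a path segment wherever it appears beneath this file, so `config.php` and `common.php` are refused at any depth, while `upload` is scoped to `images/avatars` by the `location` element. The rules only apply where IIS request filtering is available, so it is worth checking after deployment that a request for a file under `cache/`, `files/` or `store/` is rejected rather than served.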