-rw-r--r--phpBB/docs/CHANGELOG.html1
-rw-r--r--phpBB/includes/functions_user.php3
2 files changed, 2 insertions, 2 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 396f01c27c..78fa24536f 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -191,6 +191,7 @@ p a {
<ul class="menu">
<li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li>
<li>[Fix] Allow MS SQL to properly connect when using the mssql driver and PHP is less than either 4.4.1 or 5.1 (Bug #13874)</li>
+ <li>[Fix] Ignore files containging HTML special chars in the filenames as gallery avatars (Bug #13906)</li>
<li>[Fix] Multiple PM recipients not separated (Bug #13876)</li>
</ul>
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 0194ec06a4..08b2d963ca 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1981,14 +1981,13 @@ function avatar_gallery($category, $avatar_select, $items_per_column, $block_var
$dp2 = @opendir("$path/$file");
while (($sub_file = readdir($dp2)) !== false)
{
- if (preg_match('#\.(?:gif|png|jpe?g)$#i', $sub_file))
+ if (preg_match('#^[^&"<>]*\.(?:gif|png|jpe?g)$#i', $sub_file))
{
$avatar_list[$file][$avatar_row_count][$avatar_col_count] = array(
'file' => "$file/$sub_file",
'filename' => $sub_file,
'name' => ucfirst(str_replace('_', ' ', preg_replace('#^(.*)\..*$#', '\1', $sub_file))),
);
-
$avatar_col_count++;
if ($avatar_col_count == $items_per_column)
{
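Review bot: The character blocklist added on the `preg_match` line leaves the single quote unchecked and, because the pattern ends in `$` without the `D` modifier, still accepts a filename with a trailing newline, so a name like `x'.gif` or `x.gif\n` would still be listed; if `$sub_file` ever lands in a single-quoted attribute or a JavaScript string, `'` is the character that matters there. A tighter one-line change is `if (preg_match('#^[^&"\'<>]*\.(?:gif|png|jpe?g)$#iD', $sub_file))`, though the durable fix is to escape `filename`/`name` with `htmlspecialchars()` at the point of output rather than rely on filtering the directory listing. The outer directory name `$file` is concatenated into `'file' => "$file/$sub_file"` without any visible check in this hunk; presumably it is validated by the enclosing loop, which should be confirmed. The `while` loop and `avatar_gallery()` itself begin before and end after this hunk.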