authorHenry Sudhof <kellanved@phpbb.com>2008-05-28 13:05:45 +0000
committerHenry Sudhof <kellanved@phpbb.com>2008-05-28 13:05:45 +0000
commit91b4fe1868ca2c4d81111943f781e3cfd0262ef2 (patch)
tree3c41b59d9938c5fa5e06b7b1c2d2b95b33437e3f
parent28e8c3ea8587f7dc2d37068a92ebd9d0dfc230c6 (diff)
Merging mime and referer checks into the Trunk
git-svn-id: file:///svn/phpbb/trunk@8571 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r--phpBB/includes/acp/acp_attachments.php4
-rw-r--r--phpBB/includes/acp/acp_board.php11
-rw-r--r--phpBB/includes/constants.php5
-rw-r--r--phpBB/includes/functions_posting.php5
-rw-r--r--phpBB/includes/functions_upload.php59
-rw-r--r--phpBB/includes/functions_user.php2
-rw-r--r--phpBB/includes/session.php56
-rw-r--r--phpBB/install/database_update.php9
-rw-r--r--phpBB/install/schemas/schema_data.sql5
-rw-r--r--phpBB/language/en/acp/attachments.php2
-rw-r--r--phpBB/language/en/acp/board.php11
-rw-r--r--phpBB/language/en/acp/common.php1
-rw-r--r--phpBB/language/en/common.php1
-rw-r--r--phpBB/language/en/posting.php1
14 files changed, 157 insertions, 15 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index 2140aacff1..89769552bd 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -113,7 +113,9 @@ class acp_attachments
'max_attachments_pm' => array('lang' => 'MAX_ATTACHMENTS_PM', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => false),
'secure_downloads' => array('lang' => 'SECURE_DOWNLOADS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'secure_allow_deny' => array('lang' => 'SECURE_ALLOW_DENY', 'validate' => 'int', 'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true),
- 'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
+ 'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
+ 'check_attachment_content' => array('lang' => 'CHECK_CONTENT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
+
'legend2' => $l_legend_cat_images,
'img_display_inlined' => array('lang' => 'DISPLAY_INLINED', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index 0e9be94550..800abd875a 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -319,6 +319,7 @@ class acp_board
'ip_check' => array('lang' => 'IP_VALID', 'validate' => 'int', 'type' => 'custom', 'method' => 'select_ip_check', 'explain' => true),
'browser_check' => array('lang' => 'BROWSER_VALID', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'forwarded_for_check' => array('lang' => 'FORWARDED_FOR_VALID', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
+ 'referer_validation' => array('lang' => 'REFERER_VALID', 'validate' => 'int:0:3','type' => 'custom', 'method' => 'select_ref_check', 'explain' => true),
'check_dnsbl' => array('lang' => 'CHECK_DNSBL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'email_check_mx' => array('lang' => 'EMAIL_CHECK_MX', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'pass_complex' => array('lang' => 'PASSWORD_TYPE', 'validate' => 'string', 'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
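Review bot: The validator `'int:0:3'` on the new `referer_validation` entry admits the value 3, which none of the `REFERER_VALIDATE_*` constants this commit adds to constants.php defines (they are 0, 1 and 2); because session.php keys the check on truthiness and on `== REFERER_VALIDATE_PATH`, a stored 3 would silently behave as host-only validation. Tighten it to `'validate' => 'int:0:2'` so the bound matches the enumeration. The same line is also missing a space after the comma before `'type'`.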
@@ -672,7 +673,17 @@ class acp_board
return h_radio('config[ip_check]', $radio_ary, $value, $key);
}
+
+ /**
+ * Select referer validation
+ */
+ function select_ref_check($value, $key = '')
+ {
+ $radio_ary = array(REFERER_VALIDATE_PATH => 'REF_PATH', REFERER_VALIDATE_HOST => 'REF_HOST', REFERER_VALIDATE_NONE => 'NO_REF_VALIDATION');
+ return h_radio('config[referer_validation]', $radio_ary, $value, $key);
+ }
+
/**
* Select account activation method
*/
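Review bot: `select_ref_check` has a one-line docblock and documents neither parameter nor the return value, although the method is invoked indirectly through the `'method' => 'select_ref_check'` config entry and a maintainer cannot see the call site. I would extend the docblock with `* @param int $value Currently stored REFERER_VALIDATE_* mode` and `* @param string $key Passed through to h_radio()` plus `* @return string Rendered radio group for config[referer_validation]`; the exact role of `$key` is not visible here, so confirm it against `h_radio`.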
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index eb4eb77f22..7c681a4040 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -171,6 +171,11 @@ define('FIELD_BOOL', 4);
define('FIELD_DROPDOWN', 5);
define('FIELD_DATE', 6);
+// referer validation
+define('REFERER_VALIDATE_NONE', 0);
+define('REFERER_VALIDATE_HOST', 1);
+define('REFERER_VALIDATE_PATH', 2);
+
// Additional constants
define('VOTE_CONVERTED', 127);
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 7d9945684d..877ba8c912 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -358,6 +358,11 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
$upload = new fileupload();
+ if ($config['check_attachment_content'])
+ {
+ $upload->set_disallowed_content(explode('|', $config['mime_triggers']));
+ }
+
if (!$local)
{
$filedata['post_attach'] = ($upload->is_valid($form_name)) ? true : false;
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index 0a1ed1fab2..96c5562adf 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -228,6 +228,34 @@ class filespec
{
return @filesize($filename);
}
+
+
+ /**
+ * Check the first 256 bytes for forbidden content
+ */
+ function check_content($disallowed_content)
+ {
+ if (empty($disallowed_content))
+ {
+ return true;
+ }
+
+ $fp = @fopen($this->filename, 'rb');
+
+ if ($fp !== false)
+ {
+ $ie_mime_relevant = fread($fp, 256);
+ fclose($fp);
+ foreach ($disallowed_content as $forbidden)
+ {
+ if (stripos($ie_mime_relevant, '<' . $forbidden) !== false)
+ {
+ return false;
+ }
+ }
+ }
+ return true;
+ }
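Review bot: `check_content` returns true when `@fopen` fails, and does not check `fread` for a false return, so a file the server cannot read passes the very check the option is meant to enforce, and the `@` hides why. Since the caller treats false as a rejection, fail closed on open failure: `if ($fp === false) { return false; }` before the read, dropping the `@` (or logging the failure) so the cause is visible. The docblock should also say how the test works, e.g. `* Reject the file if the first 256 bytes contain '<' followed (case-insensitively) by any of the given tag names`.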
/**
* Move file to destination folder
@@ -427,6 +455,7 @@ class fileerror extends filespec
class fileupload
{
var $allowed_extensions = array();
+ var $disallowed_content = array();
var $max_filesize = 0;
var $min_width = 0;
var $min_height = 0;
@@ -446,12 +475,13 @@ class fileupload
* @param int $max_height Maximum image height (only checked for images)
*
*/
- function __construct($error_prefix = '', $allowed_extensions = false, $max_filesize = false, $min_width = false, $min_height = false, $max_width = false, $max_height = false)
+ function __construct($error_prefix = '', $allowed_extensions = false, $max_filesize = false, $min_width = false, $min_height = false, $max_width = false, $max_height = false, $disallowed_content = false)
{
$this->set_allowed_extensions($allowed_extensions);
$this->set_max_filesize($max_filesize);
$this->set_allowed_dimensions($min_width, $min_height, $max_width, $max_height);
$this->set_error_prefix($error_prefix);
+ $this->set_disallowed_content($disallowed_content);
}
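Review bot: The constructor gains a `$disallowed_content` parameter but the docblock immediately above the signature (its last visible entry is `@param int $max_height`) is not updated, so the new argument is undocumented at the one place callers look. Add `* @param array|bool $disallowed_content Tag names rejected when found as '<name' in the first 256 bytes of an upload, or false to disable the content check` next to the existing `@param` lines; the semantics come from `filespec::check_content` in this same commit.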
/**
@@ -463,6 +493,7 @@ class fileupload
$this->min_width = $this->min_height = $this->max_width = $this->max_height = 0;
$this->error_prefix = '';
$this->allowed_extensions = array();
+ $this->disallowed_content = array();
}
/**
@@ -497,6 +528,17 @@ class fileupload
$this->max_filesize = (int) $max_filesize;
}
}
+
+ /**
+ * Set disallowed strings
+ */
+ function set_disallowed_content($disallowed_content)
+ {
+ if ($disallowed_content !== false && is_array($disallowed_content))
+ {
+ $this->disallowed_content = $disallowed_content;
+ }
+ }
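Review bot: `set_disallowed_content` stores the array as given, and both callers in this commit build it with `explode('|', $config['mime_triggers'])` (functions_posting.php and functions_user.php), so an empty or trailing-`|` setting yields an empty-string trigger; `check_content` then searches for a bare `'<'` and rejects any upload whose first 256 bytes contain that character. Normalise on the way in: `$this->disallowed_content = array_values(array_filter(array_map('trim', $disallowed_content), 'strlen'));`. The `!== false` test is redundant next to `is_array()`.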
/**
* Set error prefix
@@ -830,6 +872,12 @@ class fileupload
{
$file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_EXTENSION'], $file->get('extension'));
}
+
+ // MIME Sniffing
+ if (!$this->valid_content($file))
+ {
+ $file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_CONTENT']);
+ }
}
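Review bot: `sprintf($user->lang[$this->error_prefix . 'DISALLOWED_CONTENT'])` is called with no arguments, so it is a no-op wrapper that would only ever misparse a `%` in a translated string; assign the language entry directly, `$file->error[] = $user->lang[$this->error_prefix . 'DISALLOWED_CONTENT'];`. The `// MIME Sniffing` comment would be clearer as `// Reject files whose leading bytes could be sniffed as HTML by the browser regardless of extension`.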
/**
@@ -869,6 +917,15 @@ class fileupload
return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false;
}
+
+ /**
+ * Check for allowed extension
+ */
+ function valid_content(&$file)
+ {
+ return ($file->check_content($this->disallowed_content));
+ }
+
/**
* Return image type/extension mapping
*/
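Review bot: The docblock on `valid_content` says "Check for allowed extension", which is copied from the extension check and describes the wrong method. Replace it with `* Check the file's leading bytes against the configured disallowed content` and add `* @return bool False if a disallowed tag was found`, which is what `filespec::check_content` returns.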
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 40dc87b2e1..8519cd4fa6 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1881,7 +1881,7 @@ function avatar_upload($data, &$error)
// Init upload class
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
- $upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']);
+ $upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('|', $config['mime_triggers']));
if (!empty($_FILES['uploadfile']['name']))
{
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index cb1f3bd8d0..6db65509ec 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -157,6 +157,7 @@ class session
$this->cookie_data = array('u' => 0, 'k' => '');
$this->update_session_page = $update_session_page;
$this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
+ $this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
$this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
$this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
$this->page = $this->extract_current_page($phpbb_root_path);
@@ -265,8 +266,18 @@ class session
$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : '';
$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : '';
+
+ // referer checks
+ $check_referer_path = $config['referer_validation'] == REFERER_VALIDATE_PATH;
+ $referer_valid = true;
+ // we assume HEAD and TRACE to be foul play and thus only whitelist GET
+ if ($config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get')
+ {
+ $referer_valid = $this->validate_referer($check_referer_path);
+ }
+
- if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for)
+ if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for && $referer_valid)
{
$session_expired = false;
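Review bot: The new referer check is a defence-in-depth measure rather than a CSRF control, because `validate_referer` (added later in this commit) deliberately returns true when no Referer header is present, yet nothing at this site says so; a comment such as `// Defence in depth only: validate_referer() accepts requests without a Referer header, so the form-token checks remain the primary CSRF control` would stop a later maintainer relying on it. The comment "only whitelist GET" is accurate to the code, which validates every other method including HEAD, but it could state that positively. The enclosing session-validation logic continues outside the hunk.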
@@ -344,7 +355,14 @@ class session
// Added logging temporarly to help debug bugs...
if (defined('DEBUG_EXTRA') && $this->data['user_id'] != ANONYMOUS)
{
- add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, htmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for));
+ if ($referer_valid)
+ {
+ add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, htmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for));
+ }
+ else
+ {
+ add_log('critical', 'LOG_REFERER_INVALID', $this->referer);
+ }
}
}
}
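Review bot: The `LOG_REFERER_INVALID` entry sits inside the pre-existing `defined('DEBUG_EXTRA') && $this->data['user_id'] != ANONYMOUS` guard, so on a production board a referer-validation failure kills the session without leaving any record an administrator can investigate; if the referer check is meant to be operational, consider logging its failures outside the debug-only branch. Note also that `$this->referer` was already passed through `htmlspecialchars` at intake earlier in this commit, so if `add_log` escapes its arguments the logged value will be double-encoded; verify against `add_log`.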
@@ -1271,6 +1289,40 @@ class session
$this->set_login_key($user_id);
}
}
+
+
+ /**
+ * Check if the request originated from the same page.
+ * @param bool $check_script_path If true, the path will be checked as well
+ */
+ function validate_referer($check_script_path = false)
+ {
+ // no referer - nothing to validate, user's fault for turning it off (we only check on POST; so meta can't be the reason)
+ if (empty($this->referer) || empty($this->host) )
+ {
+ return true;
+ }
+ $host = htmlspecialchars($this->host);
+ $ref = substr($this->referer, strpos($this->referer, '://') + 3);
+ if (!(stripos($ref , $host) === 0))
+ {
+ return false;
+ }
+ else if ($check_script_path && rtrim($this->page['root_script_path'], '/') !== '')
+ {
+ $ref = substr($ref, strlen($host));
+ $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
+ if ($server_port !== 80 && $server_port !== 443 && stripos($ref, ":$server_port") === 0)
+ {
+ $ref = substr($ref, strlen(":$server_port"));
+ }
+ if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0))
+ {
+ return false;
+ }
+ }
+ return true;
+ }
}
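Review bot: The host comparison `stripos($ref, $host) === 0` is a prefix test, so any referer whose host merely begins with the board's host is accepted; require a delimiter after the host, e.g. `$next = substr($ref, strlen($host), 1); if (stripos($ref, $host) !== 0 || ($next !== '' && $next !== false && !in_array($next, array('/', ':', '?', '#')))) { return false; }`. Separately, `strpos($this->referer, '://')` returns false for a referer without a scheme and `false + 3` then silently discards the first three characters of the value; guard that case explicitly. The path comparison at the end of the method has the same prefix-only shape against `root_script_path`, and `else if` should be `elseif`.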
diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php
index c0b59ecd5c..277fc055df 100644
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
@@ -1112,10 +1112,15 @@ function change_database_data($version)
_sql($sql, $errored, $error_ary);
}
}
-
- // TODO: remove all form token min times
break;
+
+ case '3.0.1':
+
+ set_config('referer_validation', '1');
+ set_config('check_attachment_content', '1');
+ set_config('mime_triggers', 'body|head|html|img|plaintext|a href|pre|script|table|title');
+
}
}
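Review bot: The new `case '3.0.1':` has no terminating `break;`; it works today only because it is the last case before the closing brace, and the next version case appended after it will inherit the three `set_config` calls. Add `break;` after the `set_config('mime_triggers', ...)` line. Note also that `set_config('referer_validation', '1')` switches host validation on for every upgraded board, which the `REFERER_VALID_EXPLAIN` text in this commit warns may affect multi-domain installs; that deserves a comment here or a changelog entry.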
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index 20bfa76862..e59fa69583 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -64,6 +64,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd', '0');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd_foreground_noise', '0');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd_x_grid', '25');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd_y_grid', '25');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('check_attachment_content', '1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('check_dnsbl', '0');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('chg_passforce', '0');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('cookie_domain', '');
@@ -172,8 +173,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_sig_urls', '5'
INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_name_chars', '3');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_pass_chars', '6');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_search_author_chars', '3');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_time_reg', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_time_terms', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('mime_triggers', 'body|head|html|img|plaintext|a href|pre|script|table|title');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('override_user_style', '0');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('pass_complex', 'PASS_TYPE_ANY');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('pm_edit_time', '0');
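Review bot: This hunk removes the `min_time_reg` and `min_time_terms` rows from the new-install data, but the `3.0.1` case this commit adds to database_update.php only inserts the three new keys, so upgraded boards would keep the stale rows unless they are deleted elsewhere; I cannot see the rest of `change_database_data`, so confirm whether a cleanup exists. If not, a `DELETE FROM phpbb_config WHERE config_name IN ('min_time_reg', 'min_time_terms')` in that case would keep fresh and upgraded installs in step.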
@@ -184,6 +184,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('print_pm', '1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('queue_interval', '600');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('ranks_path', 'images/ranks');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('require_activation', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('referer_validation', '1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_block_size', '250');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_gc', '7200');
diff --git a/phpBB/language/en/acp/attachments.php b/phpBB/language/en/acp/attachments.php
index 6edae1a4cc..594eb9de33 100644
--- a/phpBB/language/en/acp/attachments.php
+++ b/phpBB/language/en/acp/attachments.php
@@ -71,6 +71,8 @@ $lang = array_merge($lang, array(
'CAT_QUICKTIME_FILES' => 'Quicktime media files',
'CAT_RM_FILES' => 'RealMedia media files',
'CAT_WM_FILES' => 'Windows Media media files',
+ 'CHECK_CONTENT' => 'Check attachment files',
+ 'CHECK_CONTENT_EXPLAIN' => 'Some browsers can be tricked to assume an incorrect mimetype for uploaded files. This option ensures that such files likely to cause this are rejected.',
'CREATE_GROUP' => 'Create new group',
'CREATE_THUMBNAIL' => 'Create thumbnail',
'CREATE_THUMBNAIL_EXPLAIN' => 'Create a thumbnail in all possible situations.',
diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php
index f328c05882..ae122c54ee 100644
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@@ -206,10 +206,6 @@ $lang = array_merge($lang, array(
'ENABLE_COPPA_EXPLAIN' => 'This requires users to declare whether they are 13 or over for compliance with the U.S. COPPA. If this is disabled the COPPA specific groups will no longer be displayed.',
'MAX_CHARS' => 'Max',
'MIN_CHARS' => 'Min',
- 'MIN_TIME_REG' => 'Minimum time for registration',
- 'MIN_TIME_REG_EXPLAIN' => 'The registration form cannot be submitted before this time has passed.',
- 'MIN_TIME_TERMS' => 'Minimum time for accepting terms',
- 'MIN_TIME_TERMS_EXPLAIN' => 'The terms page cannot be skipped before this time has passed.',
'NO_AUTH_PLUGIN' => 'No suitable auth plugin found.',
'PASSWORD_LENGTH' => 'Password length',
'PASSWORD_LENGTH_EXPLAIN' => 'Minimum and maximum number of characters in passwords.',
@@ -375,8 +371,6 @@ $lang = array_merge($lang, array(
'FORCE_PASS_CHANGE_EXPLAIN' => 'Require user to change their password after a set number of days. Setting this value to 0 disables this behaviour.',
'FORM_TIME_MAX' => 'Maximum time to submit forms',
'FORM_TIME_MAX_EXPLAIN' => 'The time a user has to submit a form. Use -1 to disable. Note that a form might become invalid if the session expires, regardless of this setting.',
- 'FORM_TIME_MIN' => 'Minimum time to submit forms',
- 'FORM_TIME_MIN_EXPLAIN' => 'Submissions faster than this time are ignored by the board. Use 0 to disable.',
'FORM_SID_GUESTS' => 'Tie forms to guest sessions',
'FORM_SID_GUESTS_EXPLAIN' => 'If enabled, the form token issued to guests will be session-exclusive. This can cause problems with some ISPs.',
'FORWARDED_FOR_VALID' => 'Validated <var>X_FORWARDED_FOR</var> header',
@@ -386,12 +380,17 @@ $lang = array_merge($lang, array(
'MAX_LOGIN_ATTEMPTS' => 'Maximum number of login attempts',
'MAX_LOGIN_ATTEMPTS_EXPLAIN' => 'After this number of failed logins the user needs to additionally confirm his login visually (visual confirmation).',
'NO_IP_VALIDATION' => 'None',
+ 'NO_REF_VALIDATION' => 'None',
'PASSWORD_TYPE' => 'Password complexity',
'PASSWORD_TYPE_EXPLAIN' => 'Determines how complex a password needs to be when set or altered, subsequent options include the previous ones.',
'PASS_TYPE_ALPHA' => 'Must contain letters and numbers',
'PASS_TYPE_ANY' => 'No requirements',
'PASS_TYPE_CASE' => 'Must be mixed case',
'PASS_TYPE_SYMBOL' => 'Must contain symbols',
+ 'REF_HOST' => 'Only validate host',
+ 'REF_PATH' => 'Also validate path',
+ 'REFERER_VALID' => 'Validate Referer',
+ 'REFERER_VALID_EXPLAIN' => 'If enabled, the referer of POST requests will be checked against the host/script path settings. This may cause issues with boards using several domains and or external logins.',
'TPL_ALLOW_PHP' => 'Allow php in templates',
'TPL_ALLOW_PHP_EXPLAIN' => 'If this option is enabled, <code>PHP</code> and <code>INCLUDEPHP</code> statements will be recognised and parsed in templates.',
));
diff --git a/phpBB/language/en/acp/common.php b/phpBB/language/en/acp/common.php
index f380b1f570..85c57fb1c3 100644
--- a/phpBB/language/en/acp/common.php
+++ b/phpBB/language/en/acp/common.php
@@ -608,6 +608,7 @@ $lang = array_merge($lang, array(
'LOG_REASON_REMOVED' => '<strong>Removed report/denial reason</strong><br />» %s',
'LOG_REASON_UPDATED' => '<strong>Updated report/denial reason</strong><br />» %s',
+ 'LOG_REFERER_INVALID' => '<strong>Referer validation failed</strong><br />»Referer was “<em>%1$s</em>”. The request was rejected and the session killed.',
'LOG_RESET_DATE' => '<strong>Board start date reset</strong>',
'LOG_RESET_ONLINE' => '<strong>Most users online reset</strong>',
'LOG_RESYNC_POSTCOUNTS' => '<strong>User post counts resynchronised</strong>',
diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php
index 8e739206c5..0895dd23eb 100644
--- a/phpBB/language/en/common.php
+++ b/phpBB/language/en/common.php
@@ -78,6 +78,7 @@ $lang = array_merge($lang, array(
'ATTACHED_IMAGE_NOT_IMAGE' => 'The image file you tried to attach is invalid.',
'AUTHOR' => 'Author',
'AUTH_NO_PROFILE_CREATED' => 'The creation of a user profile was unsuccessful.',
+ 'AVATAR_DISALLOWED_CONTENT' => 'The upload was rejected because the uploaded file was identified as a possible attack vector.',
'AVATAR_DISALLOWED_EXTENSION' => 'This file cannot be displayed because the extension <strong>%s</strong> is not allowed.',
'AVATAR_EMPTY_REMOTE_DATA' => 'The specified avatar could not be uploaded because the remote data appears to be invalid or corrupted.',
'AVATAR_EMPTY_FILEUPLOAD' => 'The uploaded avatar file is empty.',
diff --git a/phpBB/language/en/posting.php b/phpBB/language/en/posting.php
index 76878c8f7c..f75837e96f 100644
--- a/phpBB/language/en/posting.php
+++ b/phpBB/language/en/posting.php
@@ -82,6 +82,7 @@ $lang = array_merge($lang, array(
'DISABLE_BBCODE' => 'Disable BBCode',
'DISABLE_MAGIC_URL' => 'Do not automatically parse URLs',
'DISABLE_SMILIES' => 'Disable smilies',
+ 'DISALLOWED_CONTENT' => 'The upload was rejected because the uploaded file was identified as a possible attack vector.',
'DISALLOWED_EXTENSION' => 'The extension %s is not allowed.',
'DRAFT_LOADED' => 'Draft loaded into posting area, you may want to finish your post now.<br />Your draft will be deleted after submitting this post.',
'DRAFT_LOADED_PM' => 'Draft loaded into message area, you may want to finish your private message now.<br />Your draft will be deleted after submitting this private message.',