authorMarc Alexander <admin@m-a-styles.de>2013-07-12 14:35:17 -0400
committerMarc Alexander <admin@m-a-styles.de>2013-07-12 14:35:17 -0400
commitadff2fb254285e54f899f3a8604e1116cb11573c (patch)
tree832a0750e8ca26f6ff223eeaa593abb3d294fe4e /phpBB/includes/avatar
parent0d0338a55c0b4f9ec4c1a4c34f482382b09105da (diff)
[ticket/11548] Check upload avatar URL the same way as in phpBB 3.0
The upload avatar URL was checked for its length in phpBB 3.0. Additionally, starting with the new avatar system in phpBB 3.1, the URL was checked to prevent improper URLs being submitted. This minor change is needed for proper testing of the ucp and acp groups pages. PHPBB3-11548
Diffstat (limited to 'phpBB/includes/avatar')
-rw-r--r--phpBB/includes/avatar/driver/upload.php26
1 files changed, 26 insertions, 0 deletions
diff --git a/phpBB/includes/avatar/driver/upload.php b/phpBB/includes/avatar/driver/upload.php
index baf51f61c1..685ac4f349 100644
--- a/phpBB/includes/avatar/driver/upload.php
+++ b/phpBB/includes/avatar/driver/upload.php
@@ -77,6 +77,32 @@ class phpbb_avatar_driver_upload extends phpbb_avatar_driver
}
elseif (!empty($this->config['allow_avatar_remote_upload']) && !empty($url))
{
+ if (!preg_match('#^(http|https|ftp)://#i', $url))
+ {
+ $url = 'http://' . $url;
+ }
+
+ if (!function_exists('validate_data'))
+ {
+ require($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext);
+ }
+
+ $validate_array = validate_data(
+ array(
+ 'url' => $url,
+ ),
+ array(
+ 'url' => array('string', true, 5, 255),
+ )
+ );
+
+ $error = array_merge($error, $validate_array);
+
+ if (!empty($error))
+ {
+ return false;
+ }
+
$file = $upload->remote_upload($url);
}
else
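Review bot: The rule `array('string', true, 5, 255)` passed to validate_data() appears to constrain only the length of `$url`, so nothing in the added lines restricts which host or port the server contacts when `$upload->remote_upload($url)` runs. Every value reaching validate_data() already starts with a scheme prefix of at least six characters (one of the three matched by the pattern, or the prepended `http://`), so the minimum of 5 can never fail and the 255-character ceiling is the only effective check. Unless remote_upload() (not visible in this hunk) validates the target itself, a server-side fetch of a user-supplied URL should also reject loopback, link-local and private address targets, and `ftp` should be dropped from the scheme pattern if the fetcher does not handle it. At minimum I would add a comment above the validate_data() call: `// Length check only; host and scheme must be validated by remote_upload() before fetching`. The enclosing method starts and ends outside the hunk.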