diff options
| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-03-20 14:38:51 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-03-20 14:38:51 +0000 |
| commit | f24f3be056bc89a392e8abc9d1843c049fd79466 (patch) | |
| tree | d0d8bc67873bc804453d0bd9635a80993392ef08 /phpBB/includes/usercp_avatar.php | |
| parent | 8483e9195e5f04feac1aad97439f06f472429a73 (diff) | |
| download | forums-f24f3be056bc89a392e8abc9d1843c049fd79466.tar forums-f24f3be056bc89a392e8abc9d1843c049fd79466.tar.gz forums-f24f3be056bc89a392e8abc9d1843c049fd79466.tar.bz2 forums-f24f3be056bc89a392e8abc9d1843c049fd79466.tar.xz forums-f24f3be056bc89a392e8abc9d1843c049fd79466.zip | |
Missed a width/height check for uploaded avatars
git-svn-id: file:///svn/phpbb/trunk@2372 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/usercp_avatar.php')
| -rw-r--r-- | phpBB/includes/usercp_avatar.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/phpBB/includes/usercp_avatar.php b/phpBB/includes/usercp_avatar.php index 73645d6ac6..be2bc1a00c 100644 --- a/phpBB/includes/usercp_avatar.php +++ b/phpBB/includes/usercp_avatar.php @@ -135,7 +135,7 @@ function user_avatar_upload($mode, $avatar_mode, $user_id, &$error, &$error_msg, { $avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize); - $tmp_path = ( !$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . "/tmp"; + $tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . "/tmp"; $tmp_filename = tempnam($tmp_path, $userdata['user_id'] . '-'); $fptr = @fopen($tmp_filename, 'wb'); @@ -176,6 +176,8 @@ function user_avatar_upload($mode, $avatar_mode, $user_id, &$error, &$error_msg, $error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $l_avatar_size : $l_avatar_size; return; } + + list($width, $height) = @getimagesize($avatar_filename); } if ( !($imgtype = check_image_type($avatar_filetype, $error, $error_msg)) ) @@ -202,7 +204,7 @@ function user_avatar_upload($mode, $avatar_mode, $user_id, &$error, &$error_msg, } else { - if ( $ini_val('open_basedir') != '' ) + if ( @$ini_val('open_basedir') != '' ) { if ( phpversion() < '4.0.3' ) { |