aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/phpbb/avatar/driver/upload.php
diff options
context:
space:
mode:
authorMarc Alexander <admin@m-a-styles.de>2017-07-16 11:29:35 +0200
committerMarc Alexander <admin@m-a-styles.de>2017-07-16 11:29:35 +0200
commit0b405a2cdc108a42a3d1d49218b733a76f6c2237 (patch)
treef5f5edfc2c920ca0c9f952e6de501a812cac715b /phpBB/phpbb/avatar/driver/upload.php
parent4ed45c4e1276335ff6581a4db58b0173c9905528 (diff)
parentfa631947f15754a50379598d83cb237bbfac2cca (diff)
downloadforums-0b405a2cdc108a42a3d1d49218b733a76f6c2237.tar
forums-0b405a2cdc108a42a3d1d49218b733a76f6c2237.tar.gz
forums-0b405a2cdc108a42a3d1d49218b733a76f6c2237.tar.bz2
forums-0b405a2cdc108a42a3d1d49218b733a76f6c2237.tar.xz
forums-0b405a2cdc108a42a3d1d49218b733a76f6c2237.zip
Merge pull request #38 from phpbb/ticket/security/210
[ticket/security/210] Prevent using IP addresses or ports for remote avatar
Diffstat (limited to 'phpBB/phpbb/avatar/driver/upload.php')
-rw-r--r--phpBB/phpbb/avatar/driver/upload.php10
1 files changed, 10 insertions, 0 deletions
diff --git a/phpBB/phpbb/avatar/driver/upload.php b/phpBB/phpbb/avatar/driver/upload.php
index cb8dfcad4f..0dae5607f6 100644
--- a/phpBB/phpbb/avatar/driver/upload.php
+++ b/phpBB/phpbb/avatar/driver/upload.php
@@ -134,6 +134,16 @@ class upload extends \phpbb\avatar\driver\driver
return false;
}
+ // Do not allow specifying the port (see RFC 3986) or IP addresses
+ // remote_upload() will do its own check for allowed filetypes
+ if (preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) ||
+ preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) ||
+ preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url))
+ {
+ $error[] = 'AVATAR_URL_INVALID';
+ return false;
+ }
+
$file = $upload->remote_upload($url, $this->mimetype_guesser);
}
else
generated by cgit v1.2.1 (git 2.21.0) at 2025-12-04 01:33:14 +0000