diff options
author | Marc Alexander <admin@m-a-styles.de> | 2017-07-09 16:24:49 +0200 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2017-07-09 16:24:49 +0200 |
commit | 3fc3f55d349c9022de28fed85c3bfa2d317c5075 (patch) | |
tree | bc436c3ebda0e62ebbb8fbbe8d4ef360b2d3ef75 /phpBB/phpbb/avatar/driver/upload.php | |
parent | aef138d8bc2cc2c74bc9951d136c7bc1e0cf3ad7 (diff) | |
parent | a281d526dc6cf48011c1d9e04399848f7c0c08c2 (diff) | |
download | forums-3fc3f55d349c9022de28fed85c3bfa2d317c5075.tar forums-3fc3f55d349c9022de28fed85c3bfa2d317c5075.tar.gz forums-3fc3f55d349c9022de28fed85c3bfa2d317c5075.tar.bz2 forums-3fc3f55d349c9022de28fed85c3bfa2d317c5075.tar.xz forums-3fc3f55d349c9022de28fed85c3bfa2d317c5075.zip |
Merge branch 'ticket/security/210' into ticket/security/210-rhea
Diffstat (limited to 'phpBB/phpbb/avatar/driver/upload.php')
-rw-r--r-- | phpBB/phpbb/avatar/driver/upload.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/phpBB/phpbb/avatar/driver/upload.php b/phpBB/phpbb/avatar/driver/upload.php index 4effa4c410..6526aa7c13 100644 --- a/phpBB/phpbb/avatar/driver/upload.php +++ b/phpBB/phpbb/avatar/driver/upload.php @@ -146,6 +146,16 @@ class upload extends \phpbb\avatar\driver\driver return false; } + // Do not allow specifying the port (see RFC 3986) or IP addresses + // remote_upload() will do its own check for allowed filetypes + if (preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) || + preg_match('#(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) || + preg_match('#(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url)) + { + $error[] = 'AVATAR_URL_INVALID'; + return false; + } + $file = $upload->handle_upload('files.types.remote', $url); } else |