Merge branch 'ticket/bantu/10038' into develop-olympus

* ticket/bantu/10038: [ticket/10038] Use request_var() in the avatar code path of download/file.php
author: Igor Wiedler <igor@wiedler.ch> 2011-02-12 19:51:21 +0100
committer: Igor Wiedler <igor@wiedler.ch> 2011-02-12 19:51:21 +0100
commit: 42707053a2fed5c0157de13ebc2407fd80438aca (patch)
tree: 7370a0d59814706bb8f72a9e96fcf11e8800a22e /phpBB
parent: 0588ba25cb919e3b892d4550e5914f234f37875c (diff)
parent: 23d2798b6daeab2afaa605dfaeb49dfb718e306f (diff)
download: forums-42707053a2fed5c0157de13ebc2407fd80438aca.tar
forums-42707053a2fed5c0157de13ebc2407fd80438aca.tar.gz
forums-42707053a2fed5c0157de13ebc2407fd80438aca.tar.bz2
forums-42707053a2fed5c0157de13ebc2407fd80438aca.tar.xz
forums-42707053a2fed5c0157de13ebc2407fd80438aca.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 5f45b88359..f5a766dd57 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -64,7 +64,7 @@ if (isset($_GET['avatar']))
 	$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';
 
 	$config = $cache->obtain_config();
-	$filename = $_GET['avatar'];
+	$filename = request_var('avatar', '');
 	$avatar_group = false;
 	$exit = false;
author	Igor Wiedler <igor@wiedler.ch>	2011-02-12 19:51:21 +0100
committer	Igor Wiedler <igor@wiedler.ch>	2011-02-12 19:51:21 +0100
commit	42707053a2fed5c0157de13ebc2407fd80438aca (patch)
tree	7370a0d59814706bb8f72a9e96fcf11e8800a22e /phpBB
parent	0588ba25cb919e3b892d4550e5914f234f37875c (diff)
parent	23d2798b6daeab2afaa605dfaeb49dfb718e306f (diff)
download	forums-42707053a2fed5c0157de13ebc2407fd80438aca.tar forums-42707053a2fed5c0157de13ebc2407fd80438aca.tar.gz forums-42707053a2fed5c0157de13ebc2407fd80438aca.tar.bz2 forums-42707053a2fed5c0157de13ebc2407fd80438aca.tar.xz forums-42707053a2fed5c0157de13ebc2407fd80438aca.zip