4 files changed, 8 insertions, 3 deletions
diff --git a/phpBB/includes/avatar/driver/driver.php b/phpBB/includes/avatar/driver/driver.php
index e03ef72b3a..d7fe915d03 100644
--- a/phpBB/includes/avatar/driver/driver.php
+++ b/phpBB/includes/avatar/driver/driver.php
@@ -52,6 +52,11 @@ abstract class phpbb_avatar_driver implements phpbb_avatar_driver_interface
 	protected $cache;
 
 	/**
+	* Regex for allowed avatar image extensions
+	*/
+	const REGEX_ALLOWED_EXT = 'gif|jpg|jpeg|png';
+
+	/**
 	* Construct a driver object
 	*
 	* @param phpbb_config $config phpBB configuration
diff --git a/phpBB/includes/avatar/driver/local.php b/phpBB/includes/avatar/driver/local.php
index b96b602f85..5132ecd389 100644
--- a/phpBB/includes/avatar/driver/local.php
+++ b/phpBB/includes/avatar/driver/local.php
@@ -162,7 +162,7 @@ class phpbb_avatar_driver_local extends phpbb_avatar_driver
 				$image = $file_info->getFilename();
 
 				// Match all images in the gallery folder
-				if (preg_match('#^[^&\'"<>]+\.(?:gif|png|jpe?g)$#i', $image) && is_file($file_path . '/' . $image))
+				if (preg_match('#^[^&\'"<>]+\.(?:'. self::REGEX_ALLOWED_EXT . ')$#i', $image) && is_file($file_path . '/' . $image))
 				{
 					if (function_exists('getimagesize'))
 					{
diff --git a/phpBB/includes/avatar/driver/remote.php b/phpBB/includes/avatar/driver/remote.php
index e8f182063e..9b481f983e 100644
--- a/phpBB/includes/avatar/driver/remote.php
+++ b/phpBB/includes/avatar/driver/remote.php
@@ -84,7 +84,7 @@ class phpbb_avatar_driver_remote extends phpbb_avatar_driver
 
 		// Check if this url looks alright
 		// This isn't perfect, but it's what phpBB 3.0 did, and might as well make sure everything is compatible
-		if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.(gif|jpg|jpeg|png)$#i', $url))
+		if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. self::REGEX_ALLOWED_EXT . ')$#i', $url))
 		{
 			$error[] = 'AVATAR_URL_INVALID';
 			return false;
diff --git a/phpBB/includes/avatar/driver/upload.php b/phpBB/includes/avatar/driver/upload.php
index 1e3c876299..ae39eb6920 100644
--- a/phpBB/includes/avatar/driver/upload.php
+++ b/phpBB/includes/avatar/driver/upload.php
@@ -66,7 +66,7 @@ class phpbb_avatar_driver_upload extends phpbb_avatar_driver
 			include($this->phpbb_root_path . 'includes/functions_upload' . $this->php_ext);
 		}
 
-		$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $this->config['avatar_filesize'], $this->config['avatar_min_width'], $this->config['avatar_min_height'], $this->config['avatar_max_width'], $this->config['avatar_max_height'], (isset($this->config['mime_triggers']) ? explode('|', $this->config['mime_triggers']) : false));
+		$upload = new fileupload('AVATAR_', explode('|', self::REGEX_ALLOWED_EXT), $this->config['avatar_filesize'], $this->config['avatar_min_width'], $this->config['avatar_min_height'], $this->config['avatar_max_width'], $this->config['avatar_max_height'], (isset($this->config['mime_triggers']) ? explode('|', $this->config['mime_triggers']) : false));
 
 		$url = $request->variable('avatar_upload_url', '');
 		$upload_file = $request->file('avatar_upload_file');