Diffstat (limited to 'phpBB/includes/functions_user.php')
-rw-r--r--phpBB/includes/functions_user.php20
1 files changed, 19 insertions, 1 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 1e688e8ab0..1d41aeb9ba 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1255,7 +1255,7 @@ function avatar_delete($id)
*/
function avatar_remote($data, &$error)
{
- global $config, $db, $user, $phpbb_root_path;
+ global $config, $db, $user, $phpbb_root_path, $phpEx;
if (!preg_match('#^(http|https|ftp)://#i', $data['remotelink']))
{
@@ -1284,6 +1284,24 @@ function avatar_remote($data, &$error)
return false;
}
+ // Check image type
+ include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
+ $types = fileupload::image_types();
+ $extension = strtolower(filespec::get_extension($data['remotelink']));
+
+ if (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]]))
+ {
+ if (!isset($types[$image_data[2]]))
+ {
+ $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
+ }
+ else
+ {
+ $error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$image_data[2]][0], $extension);
+ }
+ return false;
+ }
+
if ($config['avatar_max_width'] || $config['avatar_max_height'])
{
if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'])
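Review bot: The new type check compares the extension parsed from the user-supplied `$data['remotelink']` string with the type in `$image_data[2]`, so it only proves that the two agreed when the avatar was submitted. The body of `avatar_remote()` starts and ends outside this hunk, including the assignment of `$image_data`, so a comment such as `// Point-in-time consistency check: the remote host may serve different content later` would keep readers from treating it as content validation. The membership test should be strict, `in_array($extension, $types[$image_data[2]], true)`, since both sides are strings. The unknown-type branch reuses `UNABLE_GET_IMAGE_SIZE`, which reports a size problem for what is a type problem; a dedicated message would make rejections easier to diagnose. How `filespec::get_extension()` handles a URL with a query string is not visible here and is worth confirming.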