1 files changed, 39 insertions, 8 deletions
diff --git a/phpBB/phpbb/avatar/driver/remote.php b/phpBB/phpbb/avatar/driver/remote.php
index 1aa638dfe5..36623942df 100644
--- a/phpBB/phpbb/avatar/driver/remote.php
+++ b/phpBB/phpbb/avatar/driver/remote.php
@@ -10,14 +10,6 @@
 namespace phpbb\avatar\driver;
 
 /**
-* @ignore
-*/
-if (!defined('IN_PHPBB'))
-{
-	exit;
-}
-
-/**
 * Handles avatars hosted remotely
 * @package phpBB3
 */
@@ -125,6 +117,37 @@ class remote extends \phpbb\avatar\driver\driver
 		$types = \fileupload::image_types();
 		$extension = strtolower(\filespec::get_extension($url));
 
+		// Check if this is actually an image
+		if ($file_stream = @fopen($url, 'r'))
+		{
+			// Timeout after 1 second
+			stream_set_timeout($file_stream, 1);
+			$meta = stream_get_meta_data($file_stream);
+			foreach ($meta['wrapper_data'] as $header)
+			{
+				$header = preg_split('/ /', $header, 2);
+				if (strtr(strtolower(trim($header[0], ':')), '_', '-') === 'content-type')
+				{
+					if (strpos($header[1], 'image/') !== 0)
+					{
+						$error[] = 'AVATAR_URL_INVALID';
+						fclose($file_stream);
+						return false;
+					}
+					else
+					{
+						fclose($file_stream);
+						break;
+					}
+				}
+			}
+		}
+		else
+		{
+			$error[] = 'AVATAR_URL_INVALID';
+			return false;
+		}
+
 		if (!empty($image_data) && (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]])))
 		{
 			if (!isset($types[$image_data[2]]))
@@ -163,4 +186,12 @@ class remote extends \phpbb\avatar\driver\driver
 			'avatar_height' => $height,
 		);
 	}
+
+	/**
+	* @inheritdoc
+	*/
+	public function get_template_name()
+	{
+		return 'ucp_avatar_options_remote.html';
+	}
 }