From 504eef65c5fe128c86cd2f122cda53cf4df04347 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen
Date: Tue, 5 Sep 2006 15:17:45 +0000
Subject: check file type

git-svn-id: file:///svn/phpbb/trunk@6354 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/functions_user.php | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
(limited to 'phpBB/includes/functions_user.php')

diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 1e688e8ab0..1d41aeb9ba 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1255,7 +1255,7 @@ function avatar_delete($id)
 */
 function avatar_remote($data, &$error)
 {
- global $config, $db, $user, $phpbb_root_path;
+ global $config, $db, $user, $phpbb_root_path, $phpEx;
 
 if (!preg_match('#^(http|https|ftp)://#i', $data['remotelink']))
 {
@@ -1284,6 +1284,24 @@ function avatar_remote($data, &$error)
 return false;
 }
 
+ // Check image type
+ include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
+ $types = fileupload::image_types();
+ $extension = strtolower(filespec::get_extension($data['remotelink']));
+
+ if (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]]))
+ {
+ if (!isset($types[$image_data[2]]))
+ {
+ $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
+ }
+ else
+ {
+ $error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$image_data[2]][0], $extension);
+ }
+ return false;
+ }
+
 if ($config['avatar_max_width'] || $config['avatar_max_height'])
 {
 if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'])
-- 
cgit v1.2.1
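Review bot: The extension compared against the detected image type is taken from the whole `$data['remotelink']` string, so any query string or fragment is part of what `filespec::get_extension()` sees (its body is not in this hunk; presumably it returns the text after the last dot), and the check then says little about the path that is actually requested. Deriving it from the URL path keeps the comparison meaningful: `$url = parse_url($data['remotelink']);` followed by `$extension = strtolower(filespec::get_extension(isset($url['path']) ? $url['path'] : ''));`. The unknown-type branch reuses `UNABLE_GET_IMAGE_SIZE`, which misreports the failure, so a dedicated message would serve users and log readers better. `$image_data` is assigned outside the hunk, and the type it reports holds only for the fetch made at validation time, because a remote avatar is fetched again by every viewer; a comment such as `// Type is verified once here; the remote host may serve different content later` would record that limit. avatar_remote's body starts and ends outside the hunk.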