From dc5a167c429a3813d66b0ae3d14242650466cac6 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Wed, 17 Apr 2019 08:54:51 +0200
Subject: [ticket/security/231] Disable remote avatar functionality & add
 warning

SECURITY-231
---
 phpBB/language/en/acp/board.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'phpBB/language/en/acp/board.php')

diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php
index eb53ac0370..9b45ffa45b 100644
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@@ -111,9 +111,9 @@ $lang = array_merge($lang, array(
 	'ALLOW_GRAVATAR'				=> 'Enable gravatar avatars',
 	'ALLOW_LOCAL'					=> 'Enable gallery avatars',
 	'ALLOW_REMOTE'					=> 'Enable remote avatars',
-	'ALLOW_REMOTE_EXPLAIN'			=> 'Avatars linked to from another website.',
+	'ALLOW_REMOTE_EXPLAIN'			=> 'Avatars linked to from another website.<br><em><strong class="error">Warning:</strong> Enabling this feature might allow users to check for the existence of files and services that are only accessible on the local network.</em>',
 	'ALLOW_REMOTE_UPLOAD'			=> 'Enable remote avatar uploading',
-	'ALLOW_REMOTE_UPLOAD_EXPLAIN'	=> 'Allow uploading of avatars from another website.',
+	'ALLOW_REMOTE_UPLOAD_EXPLAIN'	=> 'Allow uploading of avatars from another website.<br><em><strong class="error">Warning:</strong> Enabling this feature might allow users to check for the existence of files and services that are only accessible on the local network.</em>',
 	'ALLOW_UPLOAD'					=> 'Enable avatar uploading',
 	'AVATAR_GALLERY_PATH'			=> 'Avatar gallery path',
 	'AVATAR_GALLERY_PATH_EXPLAIN'	=> 'Path under your phpBB root directory for pre-loaded images, e.g. <samp>images/avatars/gallery</samp>.<br>Double dots like <samp>../</samp> will be stripped from the path for security reasons.',
-- 
cgit v1.2.1