From dc5a167c429a3813d66b0ae3d14242650466cac6 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 17 Apr 2019 08:54:51 +0200 Subject: [ticket/security/231] Disable remote avatar functionality & add warning SECURITY-231 --- phpBB/language/en/acp/board.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/language') diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php index eb53ac0370..9b45ffa45b 100644 --- a/phpBB/language/en/acp/board.php +++ b/phpBB/language/en/acp/board.php @@ -111,9 +111,9 @@ $lang = array_merge($lang, array( 'ALLOW_GRAVATAR' => 'Enable gravatar avatars', 'ALLOW_LOCAL' => 'Enable gallery avatars', 'ALLOW_REMOTE' => 'Enable remote avatars', - 'ALLOW_REMOTE_EXPLAIN' => 'Avatars linked to from another website.', + 'ALLOW_REMOTE_EXPLAIN' => 'Avatars linked to from another website.
Warning: Enabling this feature might allow users to check for the existence of files and services that are only accessible on the local network.', 'ALLOW_REMOTE_UPLOAD' => 'Enable remote avatar uploading', - 'ALLOW_REMOTE_UPLOAD_EXPLAIN' => 'Allow uploading of avatars from another website.', + 'ALLOW_REMOTE_UPLOAD_EXPLAIN' => 'Allow uploading of avatars from another website.
Warning: Enabling this feature might allow users to check for the existence of files and services that are only accessible on the local network.', 'ALLOW_UPLOAD' => 'Enable avatar uploading', 'AVATAR_GALLERY_PATH' => 'Avatar gallery path', 'AVATAR_GALLERY_PATH_EXPLAIN' => 'Path under your phpBB root directory for pre-loaded images, e.g. images/avatars/gallery.
Double dots like ../ will be stripped from the path for security reasons.', -- cgit v1.2.1