From 9b0b5481fe05b10a254861495280d04721e8d9d1 Mon Sep 17 00:00:00 2001 From: Marc Alexander <admin@m-a-styles.de> Date: Thu, 24 Oct 2013 21:03:06 +0200 Subject: [ticket/11534] Check remote avatar content type if possible This should make sure that error pages like 404 or 503 pages are not treated as remote avatar images. PHPBB3-11534 --- phpBB/phpbb/avatar/driver/remote.php | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'phpBB/phpbb/avatar/driver') diff --git a/phpBB/phpbb/avatar/driver/remote.php b/phpBB/phpbb/avatar/driver/remote.php index 1aa638dfe5..a04c6879f3 100644 --- a/phpBB/phpbb/avatar/driver/remote.php +++ b/phpBB/phpbb/avatar/driver/remote.php @@ -125,6 +125,37 @@ class remote extends \phpbb\avatar\driver\driver $types = \fileupload::image_types(); $extension = strtolower(\filespec::get_extension($url)); + // Check if this is actually an image + if ($file_stream = @fopen($url, 'r')) + { + // Timeout after 1 second + stream_set_timeout($file_stream, 1); + $meta = stream_get_meta_data($file_stream); + foreach ($meta['wrapper_data'] as $header) + { + $header = preg_split('/ /', $header, 2); + if (strtr(strtolower(trim($header[0], ':')), '_', '-') === 'content-type') + { + if (strpos($header[1], 'image/') !== 0) + { + $error[] = 'AVATAR_URL_INVALID'; + fclose($file_stream); + return false; + } + else + { + fclose($file_stream); + break; + } + } + } + } + else + { + $error[] = 'AVATAR_URL_INVALID'; + return false; + } + if (!empty($image_data) && (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]]))) { if (!isset($types[$image_data[2]])) -- cgit v1.2.1 From 7aa8f6461f1e85cf91931f56b95384e54fec07c2 Mon Sep 17 00:00:00 2001 
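Review bot: The 1-second limit in the new `fopen($url, 'r')` block does not bound the request, because `stream_set_timeout()` is called only after `fopen()` has already connected and read the response headers; a slow or unresponsive host therefore holds the request for the default socket timeout. The handle is closed only inside the two `content-type` branches, so a response without a Content-Type header leaves `$file_stream` open and falls through to the later checks, while the outer `else` rejects every URL whenever remote streams cannot be opened at all, which the subject's "if possible" suggests was not intended. Since the board now fetches a user-supplied URL server-side, confirm that `$url` is already restricted to http/https before this point (any such validation is outside the hunk), and treat the header as a sanity check only, since the remote host controls it. I would pass the timeout through a stream context and close the stream right after reading the metadata, as below. The enclosing method starts and ends outside the hunk.

```php
// Bound the connect and header wait; stream_set_timeout() only affects later reads
$context = stream_context_create(array('http' => array('timeout' => 1)));
if ($file_stream = @fopen($url, 'r', false, $context))
{
	$meta = stream_get_meta_data($file_stream);
	// Headers are already captured in $meta, so release the handle on every path
	fclose($file_stream);
	// … unchanged: foreach over $meta['wrapper_data'] testing content-type, without the fclose() calls …
}
// … unchanged: else branch setting AVATAR_URL_INVALID …
```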
From: Andreas Fischer <bantu@phpbb.com> Date: Wed, 30 Oct 2013 13:05:28 +0100 Subject: [task/code-sniffer] Remove the IN_PHPBB check side-effect from class files. PHPBB3-11980 --- phpBB/phpbb/avatar/driver/driver.php | 8 -------- phpBB/phpbb/avatar/driver/driver_interface.php | 8 -------- phpBB/phpbb/avatar/driver/gravatar.php | 8 -------- phpBB/phpbb/avatar/driver/local.php | 8 -------- phpBB/phpbb/avatar/driver/remote.php | 8 -------- phpBB/phpbb/avatar/driver/upload.php | 8 -------- 6 files changed, 48 deletions(-) (limited to 'phpBB/phpbb/avatar/driver') diff --git a/phpBB/phpbb/avatar/driver/driver.php b/phpBB/phpbb/avatar/driver/driver.php index 206df86543..d360614122 100644 --- a/phpBB/phpbb/avatar/driver/driver.php +++ b/phpBB/phpbb/avatar/driver/driver.php @@ -9,14 +9,6 @@ namespace phpbb\avatar\driver; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * Base class for avatar drivers * @package phpBB3 diff --git a/phpBB/phpbb/avatar/driver/driver_interface.php b/phpBB/phpbb/avatar/driver/driver_interface.php index d9540c19db..7f049469a2 100644 --- a/phpBB/phpbb/avatar/driver/driver_interface.php +++ b/phpBB/phpbb/avatar/driver/driver_interface.php @@ -9,14 +9,6 @@ namespace phpbb\avatar\driver; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * Interface for avatar drivers * @package phpBB3 diff --git a/phpBB/phpbb/avatar/driver/gravatar.php b/phpBB/phpbb/avatar/driver/gravatar.php index 3ad783932e..d64f4da734 100644 --- a/phpBB/phpbb/avatar/driver/gravatar.php +++ b/phpBB/phpbb/avatar/driver/gravatar.php @@ -9,14 +9,6 @@ namespace phpbb\avatar\driver; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * Handles avatars hosted at gravatar.com * @package phpBB3 diff --git a/phpBB/phpbb/avatar/driver/local.php b/phpBB/phpbb/avatar/driver/local.php index 0686ffe79a..f6acc6e636 100644 --- a/phpBB/phpbb/avatar/driver/local.php +++ b/phpBB/phpbb/avatar/driver/local.php 
@@ -9,14 +9,6 @@ namespace phpbb\avatar\driver; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * Handles avatars selected from the board gallery * @package phpBB3 diff --git a/phpBB/phpbb/avatar/driver/remote.php b/phpBB/phpbb/avatar/driver/remote.php index 1aa638dfe5..12cbd883f4 100644 --- a/phpBB/phpbb/avatar/driver/remote.php +++ b/phpBB/phpbb/avatar/driver/remote.php @@ -9,14 +9,6 @@ namespace phpbb\avatar\driver; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * Handles avatars hosted remotely * @package phpBB3 diff --git a/phpBB/phpbb/avatar/driver/upload.php b/phpBB/phpbb/avatar/driver/upload.php index bda872df7a..822c40af98 100644 --- a/phpBB/phpbb/avatar/driver/upload.php +++ b/phpBB/phpbb/avatar/driver/upload.php @@ -9,14 +9,6 @@ namespace phpbb\avatar\driver; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * Handles avatars uploaded to the board * @package phpBB3 -- cgit v1.2.1 From 6618f0ea246100c55636ef679df55d2c951dfbc0 Mon Sep 17 00:00:00 2001 From: Marc Alexander <admin@m-a-styles.de> Date: Wed, 27 Nov 2013 15:18:42 +0100 Subject: [ticket/11859] Make avatar drivers return template filename The service name might not follow the expected naming scheme which would cause abnormally long filenames and confusion for authors that might add more avatar drivers. PHPBB3-11859 --- phpBB/phpbb/avatar/driver/driver.php | 11 ----------- phpBB/phpbb/avatar/driver/gravatar.php | 8 ++++++++ phpBB/phpbb/avatar/driver/local.php | 8 ++++++++ phpBB/phpbb/avatar/driver/remote.php | 8 ++++++++ phpBB/phpbb/avatar/driver/upload.php | 8 ++++++++ 5 files changed, 32 insertions(+), 11 deletions(-) (limited to 'phpBB/phpbb/avatar/driver') diff --git a/phpBB/phpbb/avatar/driver/driver.php b/phpBB/phpbb/avatar/driver/driver.php index d360614122..dd55f09119 100644 --- a/phpBB/phpbb/avatar/driver/driver.php +++ b/phpBB/phpbb/avatar/driver/driver.php 
@@ -109,17 +109,6 @@ abstract class driver implements \phpbb\avatar\driver\driver_interface return true; } - /** - * @inheritdoc - */ - public function get_template_name() - { - $driver = preg_replace('#^phpbb\\\\avatar\\\\driver\\\\#', '', get_class($this)); - $template = "ucp_avatar_options_$driver.html"; - - return $template; - } - /** * @inheritdoc */ diff --git a/phpBB/phpbb/avatar/driver/gravatar.php b/phpBB/phpbb/avatar/driver/gravatar.php index d64f4da734..9f14b7f468 100644 --- a/phpBB/phpbb/avatar/driver/gravatar.php +++ b/phpBB/phpbb/avatar/driver/gravatar.php @@ -146,6 +146,14 @@ class gravatar extends \phpbb\avatar\driver\driver ); } + /** + * @inheritdoc + */ + public function get_template_name() + { + return 'ucp_avatar_options_gravatar.html'; + } + /** * Build gravatar URL for output on page * diff --git a/phpBB/phpbb/avatar/driver/local.php b/phpBB/phpbb/avatar/driver/local.php index f6acc6e636..611a44cb3d 100644 --- a/phpBB/phpbb/avatar/driver/local.php +++ b/phpBB/phpbb/avatar/driver/local.php @@ -134,6 +134,14 @@ class local extends \phpbb\avatar\driver\driver ); } + /** + * @inheritdoc + */ + public function get_template_name() + { + return 'ucp_avatar_options_local.html'; + } + /** * Get a list of avatars that are locally available * Results get cached for 24 hours (86400 seconds) diff --git a/phpBB/phpbb/avatar/driver/remote.php b/phpBB/phpbb/avatar/driver/remote.php index 22d50c703e..36623942df 100644 --- a/phpBB/phpbb/avatar/driver/remote.php +++ b/phpBB/phpbb/avatar/driver/remote.php @@ -186,4 +186,12 @@ class remote extends \phpbb\avatar\driver\driver 'avatar_height' => $height, ); } + + /** + * @inheritdoc + */ + public function get_template_name() + { + return 'ucp_avatar_options_remote.html'; + } } diff --git a/phpBB/phpbb/avatar/driver/upload.php b/phpBB/phpbb/avatar/driver/upload.php index 822c40af98..1e50e135e4 100644 --- a/phpBB/phpbb/avatar/driver/upload.php +++ b/phpBB/phpbb/avatar/driver/upload.php 
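Review bot: The added `get_template_name()` overrides in gravatar.php, local.php, remote.php and upload.php cover only the bundled drivers, and nothing in the new code documents that every driver must now supply this method itself. With the inherited implementation removed from the abstract `driver` class, a driver defined elsewhere that extends it and relied on the default would presumably no longer satisfy `driver_interface`, which PHP reports as a fatal error when a concrete class is declared. A one-line docblock addition on each override, for example `* Each driver returns the filename of its own UCP options template`, would make the new contract visible to extension authors.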
@@ -167,6 +167,14 @@ class upload extends \phpbb\avatar\driver\driver return true; } + /** + * @inheritdoc + */ + public function get_template_name() + { + return 'ucp_avatar_options_upload.html'; + } + /** * Check if user is able to upload an avatar * -- cgit v1.2.1