From dc5a167c429a3813d66b0ae3d14242650466cac6 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Wed, 17 Apr 2019 08:54:51 +0200
Subject: [ticket/security/231] Disable remote avatar functionality & add
 warning

SECURITY-231
---
 .../migration/data/v32x/disable_remote_avatar.php  | 34 ++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 phpBB/phpbb/db/migration/data/v32x/disable_remote_avatar.php

(limited to 'phpBB/phpbb/db/migration')

diff --git a/phpBB/phpbb/db/migration/data/v32x/disable_remote_avatar.php b/phpBB/phpbb/db/migration/data/v32x/disable_remote_avatar.php
new file mode 100644
index 0000000000..b08833fad4
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v32x/disable_remote_avatar.php
@@ -0,0 +1,34 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v32x;
+
+use phpbb\db\migration\migration;
+
+class disable_remote_avatar extends migration
+{
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v32x\v325',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('allow_avatar_remote', '0')),
+			array('config.update', array('allow_avatar_remote_upload', '0')),
+		);
+	}
+}
-- 
cgit v1.2.1