mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-05 16:27:38 +02:00
Code Issues Releases Wiki Activity

#14466

Browse Source 
git-svn-id: file:///svn/phpbb/trunk@8091 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof
2007-09-15 13:27:06 +00:00
parent 09f6cf11dd
commit 36e99af959
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
phpBB/includes/functions_user.php
View File

@@ -1975,14 +1975,14 @@ function avatar_gallery($category, $avatar_select, $items_per_column, $block_var
while (($file = readdir($dp)) !== false)
{
if ($file[0] != '.' && is_dir("$path/$file"))
if ($file[0] != '.' && preg_match('#^[^&"\'<>]+$#i', $file) && is_dir("$path/$file"))
{
$avatar_row_count = $avatar_col_count = 0;
$dp2 = @opendir("$path/$file");
while (($sub_file = readdir($dp2)) !== false)
{
if (preg_match('#^[^&"<>]*\.(?:gif|png|jpe?g)$#i', $sub_file))
if (preg_match('#^[^&\'"<>]+\.(?:gif|png|jpe?g)$#i', $sub_file))
{
$avatar_list[$file][$avatar_row_count][$avatar_col_count] = array(
'file' => "$file/$sub_file",