From 4e6cff3a80ab54de0aff1844947990ffaedb7526 Mon Sep 17 00:00:00 2001
From: "Paul S. Owen"
Date: Mon, 15 Oct 2001 16:00:47 +0000
Subject: [PATCH] Fix for potential security/HTML abuse problem, thanks Silverion

git-svn-id: file:///svn/phpbb/trunk@1205 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/profile.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/phpBB/profile.php b/phpBB/profile.php
index 212661cc21..3041a67112 100644
--- a/phpBB/profile.php
+++ b/phpBB/profile.php
@@ -926,7 +926,16 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 {
 $user_avatar_remoteurl = "http://" . $user_avatar_remoteurl;
 }
- $avatar_sql = ", user_avatar = '$user_avatar_remoteurl', user_avatar_type = " . USER_AVATAR_REMOTE;
+
+ if( preg_match("/^http\:\/\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+\/.*?\.(gif|jpg|png)$/is", $user_avatar_remoteurl) )
+ {
+ $avatar_sql = ", user_avatar = '$user_avatar_remoteurl', user_avatar_type = " . USER_AVATAR_REMOTE;
+ }
+ else
+ {
+ $error = true;
+ $error_msg = (!empty($error_msg)) ? $error_msg . "
" . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format']; + } } }