mirror of
https://github.com/phpbb/phpbb.git
synced 2025-07-30 21:40:43 +02:00
check file type
git-svn-id: file:///svn/phpbb/trunk@6354 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
@@ -1255,7 +1255,7 @@ function avatar_delete($id)
|
||||
*/
|
||||
function avatar_remote($data, &$error)
|
||||
{
|
||||
global $config, $db, $user, $phpbb_root_path;
|
||||
global $config, $db, $user, $phpbb_root_path, $phpEx;
|
||||
|
||||
if (!preg_match('#^(http|https|ftp)://#i', $data['remotelink']))
|
||||
{
|
||||
@@ -1284,6 +1284,24 @@ function avatar_remote($data, &$error)
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check image type
|
||||
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
|
||||
$types = fileupload::image_types();
|
||||
$extension = strtolower(filespec::get_extension($data['remotelink']));
|
||||
|
||||
if (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]]))
|
||||
{
|
||||
if (!isset($types[$image_data[2]]))
|
||||
{
|
||||
$error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
|
||||
}
|
||||
else
|
||||
{
|
||||
$error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$image_data[2]][0], $extension);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($config['avatar_max_width'] || $config['avatar_max_height'])
|
||||
{
|
||||
if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'])
|
||||
|
Reference in New Issue
Block a user