Fix for possible security issues..

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@2545 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-07 23:16:13 +02:00 · 2002-04-29 14:45:07 +00:00 · 2002-04-29 14:45:07 +00:00 · fefdfcd263
commit fefdfcd263
parent ae1c52199f
1 changed files with 2 additions and 2 deletions
--- a/phpBB/includes/usercp_avatar.php
+++ b/phpBB/includes/usercp_avatar.php
@ -74,7 +74,7 @@ function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename)
 		$avatar_filename = 'http://' . $avatar_filename;
 	}
-	if ( !preg_match('#^(http:\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)*[a-z]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) )
+	if ( !preg_match('#^(http:\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)*[a-z]+(:[0-9]+)*\/[^\"]*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) )
 	{
 		$error = true;
 		$error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format'];