
download/file.php uses $_GET value instead of function request_var()

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.8
    • Fix Version/s: 3.0.9-RC1
    • Component/s: Viewing posts
    • Labels:
      None

      Description

      The code in download/file.php

      $filename = $_GET['avatar'];

      should be adjusted to use function request_var() to get $filename value.
      Direct use of $_GET is known to be an insecure option.
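      The contrast the report draws, as an added example that is not phpBB's own code: example_request_var() is a simplified stand-in for phpBB 3.0's request_var() (includes/functions.php, signature request_var($var_name, $default, $multibyte = false, $cookie = false)) that reproduces the behaviour relevant here (typed default, rejection of array input, NUL and line-ending cleanup, HTML escaping). The avatar filename whitelist and the helper names avatar_filename_unsafe()/avatar_filename_safe() are assumptions for illustration, not rules taken from phpBB.

```php
<?php
// Added example, not phpBB's own code. example_request_var() is a simplified
// stand-in for phpBB 3.0's request_var(); the avatar whitelist is an assumption.

function example_request_var($var_name, $default, $multibyte = false)
{
    // Absent parameter: return the default instead of raising an undefined-index notice.
    if (!isset($_GET[$var_name])) {
        return $default;
    }
    $var = $_GET[$var_name];

    // A scalar was requested but the client sent an array (?avatar[]=x): reject it.
    if (!is_array($default) && is_array($var)) {
        return $default;
    }

    // Coerce to the type of the default, the way phpBB's set_var() does.
    $type = gettype($default);
    settype($var, $type);

    if ($type === 'string') {
        // Unify line endings, strip NUL bytes, escape HTML metacharacters, trim.
        $var = str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $var);
        $var = trim(htmlspecialchars($var, ENT_COMPAT, 'UTF-8'));
        if (!$multibyte) {
            // Single-byte mode: replace non-ASCII bytes (approximation of phpBB's behaviour).
            $var = preg_replace('/[\x80-\xFF]/', '?', $var);
        }
    }
    return $var;
}

// The pattern the report flags: raw superglobal access.
function avatar_filename_unsafe()
{
    return $_GET['avatar'];   // notice when absent, array when ?avatar[]=, raw bytes otherwise
}

// The pattern the report asks for, plus an assumed whitelist before touching the filesystem.
function avatar_filename_safe()
{
    $filename = example_request_var('avatar', '');
    // basename() drops any directory component; the regex limits the remainder to a
    // plain image filename. Adjust the pattern to the deployment's naming scheme.
    $filename = basename($filename);
    if ($filename === '' || !preg_match('/^[A-Za-z0-9_]+\.(gif|jpe?g|png)$/', $filename)) {
        return false;
    }
    return $filename;
}

// Constructed requests for a stand-alone run (php this_file.php).
$cases = array(
    'normal'    => array('avatar' => '2_1234567890.png'),
    'array'     => array('avatar' => array('x')),
    'nul_byte'  => array('avatar' => "2_1234567890.png\0.txt"),
    'traversal' => array('avatar' => '../../config.php'),
    'missing'   => array(),
);
foreach ($cases as $label => $get) {
    $_GET = $get;
    $raw  = isset($_GET['avatar']) ? $_GET['avatar'] : null;
    printf("%-10s raw=%-32s safe=%s\n", $label,
        json_encode($raw), var_export(avatar_filename_safe(), true));
}
```

      Only the first case yields a filename; the array, NUL-byte, traversal and missing cases all collapse to false because the typed wrapper hands back a clean string (or the empty default) and the whitelist refuses anything that is not a bare image name.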

        Activity

        bantu Andreas Fischer added a comment - edited

        Not just $_GET['avatar'], the whole avatar code path should use request_var() now. We can do this, because we load includes/functions.php by default now.

        bantu Andreas Fischer added a comment -

        Nevermind, 'avatar' is the only parameter.


          People

          • Assignee: bantu Andreas Fischer
          • Reporter: rxu Ruslan Uzdenov
          • Votes: 0
          • Watchers: 0
