Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-10908

No remote avatar size limit results in files limited only by PHP memory limit

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.10
    • Fix Version/s: 3.0.11-RC1
    • Component/s: Other
    • Labels:
      None

      Description

      If the remote avatar size is set to 0, the upload file size is unlimited. This can lead to memory exhaustion in the getimagesize() call following after. Instead an avatar size limit of 0 should restrict file upload to the value of php ini setting upload_max_filesize. This needs to be made clear in the ACP language string as well.

        Activity

        Show
        brunoais brunoais added a comment - https://github.com/phpbb/phpbb3/pull/825/files#r1118163

          People

          • Assignee:
            naderman Nils Adermann
            Reporter:
            naderman Nils Adermann
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development