Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-11331

Inform admin of incorrect avatar path instead of stripping unexpected parts from destination path

    XMLWordPrintable

    Details

      Description

      When submitting an avatar the local avatar (gallery) path is stripped of the following unexpected content:

      $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);

      This might lead to unexpected behavior. Either correctly handle those paths or inform the admin of an unexpepcted link when submitting the form with the settings.

        Attachments

          Activity

            People

            Assignee:
            Marc Marc
            Reporter:
            Marc Marc
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: