Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-11331

Inform admin of incorrect avatar path instead of stripping unexpected parts from destination path

    Details

      Description

      When submitting an avatar the local avatar (gallery) path is stripped of the following unexpected content:

      $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);

      This might lead to unexpected behavior. Either correctly handle those paths or inform the admin of an unexpepcted link when submitting the form with the settings.

        Attachments

          Activity

            People

            • Assignee:
              Marc Marc
              Reporter:
              Marc Marc
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: