[PHPBB3-11331] Inform admin of incorrect avatar path instead of stripping unexpected parts from destination path

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.1.0-dev
Fix Version/s: 3.1.0-RC1
Component/s: ACP, User Control Panel (UCP)
Labels:
None

GitHub Pull Request URL:
https://github.com/phpbb/phpbb/pull/2555

Description

When submitting an avatar the local avatar (gallery) path is stripped of the following unexpected content:

$destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);

This might lead to unexpected behavior. Either correctly handle those paths or inform the admin of an unexpepcted link when submitting the form with the settings.

Attachments

Activity

People

Assignee:: Marc

Reporter:: Marc

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 16/Jan/13 10:09 PM

Updated:: 22/Jan/17 4:01 PM

Resolved:: 08/Jun/14 11:12 PM