Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-11354

Remote upload of avatars fails if the avatar image is supplied with a service file, e.g. download.php

    XMLWordPrintable

    Details

      Description

      While uploading the file the file extension is checked against a limited list of 4 extensions (gif, jpg, jpeg, png). If the file is served with a script like a php file the upload will fail. The image should be checked instead of the link itself.
      Also take a look at these comments regarding this issue:
      https://github.com/phpbb/phpbb3/pull/1100#issuecomment-13216135
      https://github.com/phpbb/phpbb3/pull/1100#issuecomment-13218053

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              CHItA CHItA
              Reporter:
              Marc Marc
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: