Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-9694

Calling download/file.php with empty avatar parameter can throw an E_NOTICE message

          Details

          • Type: Bug
          • Status: Closed (View Workflow)
          • Priority: Major
          • Resolution: Fixed
          • Affects Version/s: 3.0.7-PL1
          • Fix Version/s: 3.0.8-RC1
          • Component/s: Other
          • Labels:
            None

            Description

            Calling download/file.php with an empty avatar parameter can result in an E_NOTICE message containing the full path to the phpBB installation.

            This is the case when the error_reporting setting (e.g. from php.ini) contains E_NOTICE.
            The notice is trown in line

            if ($filename[0] === 'g')

            because the $filename string doesn't have an offset 0 because it's an empty string.

            This has been reported by evilzone.org

              Attachments

                Issue Links

                is duplicated by

                Bug - A problem which impairs or prevents the functions of the product. PHPBB3-9699 Submitting no avatar id causes a warning

                • Major - Major loss of function.
                • Closed

                  Activity

                    People

                    • Assignee:
                      bantu Andreas Fischer
                      Reporter:
                      bantu Andreas Fischer
                    • Votes:
                      0 Vote for this issue
                      Watchers:
                      0 Start watching this issue

                      Dates

                      • Created:
                        Updated:
                        Resolved: