Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-9694

Calling download/file.php with empty avatar parameter can throw an E_NOTICE message

          Details

          • Type: Bug
          • Status: Unverified Fix
          • Priority: Major
          • Resolution: Fixed
          • Affects Version/s: 3.0.7-PL1
          • Fix Version/s: 3.0.8-RC1
          • Component/s: Other
          • Labels:
            None

            Description

            Calling download/file.php with an empty avatar parameter can result in an E_NOTICE message containing the full path to the phpBB installation.

            This is the case when the error_reporting setting (e.g. from php.ini) contains E_NOTICE.
            The notice is trown in line

            if ($filename[0] === 'g')

            because the $filename string doesn't have an offset 0 because it's an empty string.

            This has been reported by evilzone.org

              Issue Links

              is duplicated by

              Bug - A problem which impairs or prevents the functions of the product. PHPBB3-9699 Submitting no avatar id causes a warning

              • Major - Major loss of function.
              • Closed

                Activity

                There are no comments yet on this issue.

                  People

                  • Assignee:
                    bantu Andreas Fischer
                    Reporter:
                    bantu Andreas Fischer
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    0 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved:

                      Development