-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 3.0.7-PL1
-
Fix Version/s: 3.0.8-RC1
-
Component/s: Other
-
Labels:None
Calling download/file.php with an empty avatar parameter can result in an E_NOTICE message containing the full path to the phpBB installation.
This is the case when the error_reporting setting (e.g. from php.ini) contains E_NOTICE.
The notice is trown in line
if ($filename[0] === 'g')
|
because the $filename string doesn't have an offset 0 because it's an empty string.
This has been reported by evilzone.org
- is duplicated by
-
PHPBB3-9699 Submitting no avatar id causes a warning
-
- Closed
-