Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
3.0.7-PL1
-
None
Description
Calling download/file.php with an empty avatar parameter can result in an E_NOTICE message containing the full path to the phpBB installation.
This is the case when the error_reporting setting (e.g. from php.ini) contains E_NOTICE.
The notice is trown in line
if ($filename[0] === 'g')
|
because the $filename string doesn't have an offset 0 because it's an empty string.
This has been reported by evilzone.org
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-