- if (isset($_GET['avatar']))
- {
- require($phpbb_root_path . 'includes/startup.' . $phpEx);
- require($phpbb_root_path . 'phpbb/class_loader.' . $phpEx);
- $phpbb_class_loader = new \phpbb\class_loader('phpbb\\', "{$phpbb_root_path}phpbb/", $phpEx);
- $phpbb_class_loader->register();
- $phpbb_config_php_file = new \phpbb\config_php_file($phpbb_root_path, $phpEx);
- extract($phpbb_config_php_file->get_all());
- if (!defined('PHPBB_ENVIRONMENT'))
- {
- @define('PHPBB_ENVIRONMENT', 'production');
- }
- if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
- {
- exit;
- }
- require($phpbb_root_path . 'includes/constants.' . $phpEx);
- require($phpbb_root_path . 'includes/functions.' . $phpEx);
- require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);
- require($phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx);
- // Setup class loader first
- $phpbb_class_loader_ext = new \phpbb\class_loader('\\', "{$phpbb_root_path}ext/", $phpEx);
- $phpbb_class_loader_ext->register();
- // Set up container
- $phpbb_container_builder = new \phpbb\di\container_builder($phpbb_root_path, $phpEx);
- $phpbb_container = $phpbb_container_builder->with_config($phpbb_config_php_file)->get_container();
- $phpbb_class_loader->set_cache($phpbb_container->get('cache.driver'));
- $phpbb_class_loader_ext->set_cache($phpbb_container->get('cache.driver'));
- // set up caching
- /* @var $cache \phpbb\cache\service */
- $cache = $phpbb_container->get('cache');
- /* @var $phpbb_dispatcher \phpbb\event\dispatcher */
- $phpbb_dispatcher = $phpbb_container->get('dispatcher');
- /* @var $request \phpbb\request\request_interface */
- $request = $phpbb_container->get('request');
- /* @var $db \phpbb\db\driver\driver_interface */
- $db = $phpbb_container->get('dbal.conn');
- /* @var $phpbb_log \phpbb\log\log_interface */
- $phpbb_log = $phpbb_container->get('log');
- unset($dbpasswd);
- /* @var $config \phpbb\config\config */
- $config = $phpbb_container->get('config');
- // load extensions
- /* @var $phpbb_extension_manager \phpbb\extension\manager */
- $phpbb_extension_manager = $phpbb_container->get('ext.manager');
- // worst-case default
- $browser = strtolower($request->header('User-Agent', 'msie 6.0'));
- /* @var $phpbb_avatar_manager \phpbb\avatar\manager */
- $phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
- $filename = $request->variable('avatar', '');
- $avatar_group = false;
- $exit = false;
- if (isset($filename[0]) && $filename[0] === 'g')
- {
- $avatar_group = true;
- $filename = substr($filename, 1);
- }
- // '==' is not a bug - . as the first char is as bad as no dot at all
- if (strpos($filename, '.') == false)
- {
- send_status_line(403, 'Forbidden');
- $exit = true;
- }
- if (!$exit)
- {
- $ext = substr(strrchr($filename, '.'), 1);
- $stamp = (int) substr(stristr($filename, '_'), 1);
- $filename = (int) $filename;
- $exit = set_modified_headers($stamp, $browser);
- }
- if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
- {
- // no way such an avatar could exist. They are not following the rules, stop the show.
- send_status_line(403, 'Forbidden');
- $exit = true;
- }
- if (!$exit)
- {
- if (!$filename)
- {
- // no way such an avatar could exist. They are not following the rules, stop the show.
- send_status_line(403, 'Forbidden');
- }
- else
- {
- send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
- }
- }
- file_gc();
- }