MyBB Community Forums

Full Version: avatar extension check
Old code from 1.6.15:
	// Check we have a valid extension
	$ext = get_extension(my_strtolower($avatar['name']));
	if(!preg_match("#^(gif|jpg|jpeg|jpe|bmp|png)$#i", $ext))
	{
		$ret['error'] = $lang->error_avatartype;
		return $ret;
	}

New code from 1.8:
	// Check we have a valid extension
	// This is attached to the attachment types allowed to be uploaded (set in the ACP)
	$valid_extensions = array();
	$extensions = $cache->read("attachtypes");

	foreach($extensions as $ext => $type)
	{
		if(substr($type['mimetype'], 0, 5) == 'image')
		{
			$valid_extensions[$ext] = 1;
		}
	}

	$ext = get_extension(my_strtolower($avatar['name']));

	if(!isset($valid_extensions[$ext]))
	{
		$ret['error'] = $lang->error_avatartype;
		return $ret;
	}

As you can see, we're now checking the extension against the list of allowed attachment types. This leads to two problems:

- If you don't allow any images in your board, the upload avatar function is useless and a short notice should be shown.
- The error message still says "An uploaded avatar must be in GIF, JPEG, or PNG format."

So either the error message should be updated or the code needs some changes.
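
A stand-alone PHP sketch of the two problems described in the post above, added here as an illustration and not taken from MyBB: it derives the avatar extension list from a constructed attachtypes-style array the way the 1.8 snippet does, reports the empty-list case separately, and builds the error text from the list actually enforced. The function names, message strings and sample arrays are assumptions; `pathinfo()` and `strtolower()` stand in for MyBB's `get_extension()` and `my_strtolower()`.

```php
<?php
// Added example: stand-alone sketch, not MyBB code. The arrays at the bottom are
// constructed samples shaped like the "attachtypes" cache read in the 1.8 snippet.

/** Collect extensions whose MIME type starts with "image", as the 1.8 check does. */
function avatar_extensions_from_attachtypes(array $attachtypes): array
{
    $valid = array();
    foreach ($attachtypes as $ext => $type) {
        if (isset($type['mimetype']) && substr($type['mimetype'], 0, 5) == 'image') {
            $valid[strtolower($ext)] = 1;
        }
    }
    return $valid;
}

/**
 * Hypothetical helper: returns null when the file name passes the check,
 * otherwise an error string that reflects the list actually enforced.
 */
function check_avatar_extension(string $filename, array $attachtypes): ?string
{
    $valid = avatar_extensions_from_attachtypes($attachtypes);
    if (empty($valid)) {
        // Problem 1: no image attachment types means every avatar upload fails,
        // so say that instead of blaming the file format.
        return 'Avatar uploads are unavailable: no image types are allowed.';
    }
    // pathinfo() stands in for MyBB's get_extension() here (assumption).
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!isset($valid[$ext])) {
        // Problem 2: name the real list instead of a fixed "GIF, JPEG, or PNG".
        return 'An uploaded avatar must be one of: ' . implode(', ', array_keys($valid)) . '.';
    }
    return null;
}

// Constructed sample caches.
$no_images = array('zip' => array('mimetype' => 'application/zip'));
$png_only  = array('png' => array('mimetype' => 'image/png'),
                   'txt' => array('mimetype' => 'text/plain'));

var_dump(check_avatar_extension('me.png', $no_images)); // board without image attachment types
var_dump(check_avatar_extension('me.gif', $png_only));  // extension not in the derived list
var_dump(check_avatar_extension('me.png', $png_only));  // extension in the derived list
```
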
Yes, I agree
Agreed.
Why is it verified against attachment types anyways? Avatars != attachments, they're completely different features. The admin may not want to have image attachments on his forum, but that doesn't mean that he doesn't want avatars..

I'd revert to the 1.6 code, it's much more reasonable in my opinion. Either that or we should add a setting for allowed avatar upload extensions.
Settings for allowed extensions would be better.
(2014-11-03, 05:50 PM)Destroy666 Wrote: I'd revert to the 1.6 code, it's much more reasonable in my opinion.

yes... better...

(2014-11-03, 05:50 PM)Destroy666 Wrote: Either that or we should add a setting for allowed avatar upload extensions.

For me, it's better to limit file size in KB only, that makes more sense...
(2014-11-03, 05:50 PM)Destroy666 Wrote: Why is it verified against attachment types anyways? Avatars != attachments, they're completely different features. The admin may not want to have image attachments on his forum, but that doesn't mean that he doesn't want avatars..

I'd revert to the 1.6 code, it's much more reasonable in my opinion. Either that or we should add a setting for allowed avatar upload extensions.

I vote for new settings for Avatars. Include allowed extensions, file size, etc.
Hi,

Thank you for your report. We have pushed this issue to our GitHub repository for further analysis where you can track our commits and progress with fixing this bug. Discussions regarding this bug may also take place there.

Follow this link to visit the issue on GitHub: https://github.com/mybb/mybb/issues/1624

Thanks for contributing to MyBB!

Regards,
The MyBB Group