author | Frédéric Guillot <fred@kanboard.net> | 2019-02-01 12:12:36 -0800 |
---|---|---|
committer | Frédéric Guillot <fred@kanboard.net> | 2019-02-01 12:12:36 -0800 |
commit | fa08493348f54fae3eed64f8de4eb5893000a918 (patch) | |
tree | cdd3b53ad8c1956983137ee38174fa22f352f150 | |
parent | 6c421da47ac60a4bc27e6f39ca0406461f99ab6d (diff) |
Limit avatar image size
fixes #4041
-rw-r--r-- | app/Controller/AvatarFileController.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/app/Controller/AvatarFileController.php b/app/Controller/AvatarFileController.php
index ed8a1028..81a324fb 100644
--- a/app/Controller/AvatarFileController.php
+++ b/app/Controller/AvatarFileController.php
@@ -59,6 +59,12 @@ class AvatarFileController extends BaseController
 {
 $user_id = $this->request->getIntegerParam('user_id');
 $size = $this->request->getStringParam('size', 48);
+
+ if ($size > 100) {
+ $this->response->status(400);
+ return;
+ }
+
 $filename = $this->avatarFileModel->getFilename($user_id);
 $etag = md5($filename.$size); |
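Review bot: The new guard `if ($size > 100)` only enforces an upper bound, and it does so on a value read with `getStringParam`, so zero, negative and non-numeric `size` values are still accepted and flow into `md5($filename.$size)` and whatever follows. The outcome of comparing a non-numeric string with `100` depends on PHP's loose comparison rules, which changed in PHP 8, so the check is not a reliable validation of a request parameter. I would read the parameter as an integer, as the line above does for `user_id`, and bound it on both sides: `$size = $this->request->getIntegerParam('size', 48);` followed by `if ($size < 1 || $size > 100) {`. The rest of the method lies outside the hunk, so how `$size` is consumed downstream (presumably for resizing) should be confirmed there.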