Limit avatar image size

fixes #4041
author: Frédéric Guillot <fred@kanboard.net> 2019-02-01 12:12:36 -0800
committer: Frédéric Guillot <fred@kanboard.net> 2019-02-01 12:12:36 -0800
commit: fa08493348f54fae3eed64f8de4eb5893000a918 (patch)
tree: cdd3b53ad8c1956983137ee38174fa22f352f150 /app/Controller
parent: 6c421da47ac60a4bc27e6f39ca0406461f99ab6d (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/app/Controller/AvatarFileController.php b/app/Controller/AvatarFileController.php
index ed8a1028..81a324fb 100644
--- a/app/Controller/AvatarFileController.php
+++ b/app/Controller/AvatarFileController.php
@@ -59,6 +59,12 @@ class AvatarFileController extends BaseController
     {
         $user_id = $this->request->getIntegerParam('user_id');
         $size = $this->request->getStringParam('size', 48);
+
+        if ($size > 100) {
+            $this->response->status(400);
+            return;
+        }
+
         $filename = $this->avatarFileModel->getFilename($user_id);
         $etag = md5($filename.$size);
author	Frédéric Guillot <fred@kanboard.net>	2019-02-01 12:12:36 -0800
committer	Frédéric Guillot <fred@kanboard.net>	2019-02-01 12:12:36 -0800
commit	fa08493348f54fae3eed64f8de4eb5893000a918 (patch)
tree	cdd3b53ad8c1956983137ee38174fa22f352f150 /app/Controller
parent	6c421da47ac60a4bc27e6f39ca0406461f99ab6d (diff)