-rw-r--r-- | app/Controller/AvatarFileController.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/app/Controller/AvatarFileController.php b/app/Controller/AvatarFileController.php
index ed8a1028..81a324fb 100644
--- a/app/Controller/AvatarFileController.php
+++ b/app/Controller/AvatarFileController.php
@@ -59,6 +59,12 @@ class AvatarFileController extends BaseController
 {
 $user_id = $this->request->getIntegerParam('user_id');
 $size = $this->request->getStringParam('size', 48);
+
+ if ($size > 100) {
+ $this->response->status(400);
+ return;
+ }
+
 $filename = $this->avatarFileModel->getFilename($user_id);
 $etag = md5($filename.$size); |
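Review bot: The added bound `if ($size > 100)` tests a value read with `getStringParam('size', 48)`, so it is a string-versus-integer comparison with no lower limit: `0`, negative values and fractional strings such as `99.9` pass, and the result for a non-numeric string depends on the PHP version. The check presumably exists to cap the size a client can request, so the parameter should be read as an integer and bounded on both sides, e.g. `$size = $this->request->getIntegerParam('size', 48);` followed by `if ($size < 1 || $size > 100) {` (this assumes getIntegerParam accepts a default the way getStringParam does). The method body continues outside the hunk, so what `$size` feeds after the etag is not visible here; if resized images are stored per requested size, a short allowlist of sizes would bound that more tightly than a range.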