author | Lukas Reschke <lukas@owncloud.com> | 2015-04-28 16:57:23 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2015-04-28 16:57:23 +0200 |
commit | 34d0e610ccb2f188954b33d87b4ad806a2de66fc (patch) | |
tree | 542d9241fd5b91ad810351dbfcf338a79f7ef8ea /lib/private/avatarmanager.php | |
parent | 132ce04f319661ac33d3f83e013075a4d4e942d9 (diff) | |
Filter potential dangerous filenames for avatars
We don't want to have users misusing this API resulting in a potential file disclosure of "avatar.(jpg|png)" files.
Diffstat (limited to 'lib/private/avatarmanager.php')
-rw-r--r-- | lib/private/avatarmanager.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/private/avatarmanager.php b/lib/private/avatarmanager.php index 0ff4a3444e2..42f711ee249 100644 --- a/lib/private/avatarmanager.php +++ b/lib/private/avatarmanager.php @@ -37,6 +37,7 @@ class AvatarManager implements IAvatarManager { * @see \OCP\IAvatar * @param string $user the ownCloud user id * @return \OCP\IAvatar + * @throws \Exception In case the username is potentially dangerous */ public function getAvatar($user) { return new Avatar($user); |
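Review bot: The added `@throws \Exception` line on `getAvatar($user)` documents a failure that nothing visible in this hunk produces. The body is still `return new Avatar($user);`, so the filtering is not visible in this file and the manager itself does no validation of `$user`. The docblock should say where the check is enforced, so that callers do not assume `AvatarManager` rejects dangerous names on its own. A dedicated exception type would also be better than bare `\Exception`: callers could then handle the rejected-name case without also catching unrelated errors. The commit message talks about dangerous filenames while the docblock says "username"; using one term, and stating which characters or patterns are rejected, would make the contract clear to API consumers.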