+--------------------------------------------------------------------------------+
| MyBB 1.1.6 to 1.1.7 Patch File |
| (c) 2006 MyBB Group. |
| |
| This patch file fixes a security issue in regards to MyBB 1.1.6 |
| |
| Please follow the instructions documented to manually patch your board |
| to MyBB 1.1.7 |
+--------------------------------------------------------------------------------+
--------------------
1. usercp.php
--------------------
Find:
--
if($mybb->input['gallery']) { $gallery = $mybb->input['gallery'];
--
Replace with:
--
if($activegallery) { $gallery = str_replace("..", "", $mybb->input['gallery']);
--
Find:
--
if(preg_match("#gif|jpg|jpeg|jpe|bmp|png#i", $ext) && $mybb->settings['maxavatardims'] != "") { list($width, $height) = @getimagesize($mybb->input['avatarurl']); list($maxwidth, $maxheight) = explode("x", $mybb->settings['maxavatardims']); if(($maxwidth && $width > $maxwidth) || ($maxheight && $height > $maxheight)) { $lang->error_avatartoobig = sprintf($lang->error_avatartoobig, $maxwidth, $maxheight); error($lang->error_avatartoobig); } }
--
Replace with:
--
list($width, $height, $type) = @getimagesize($mybb->input['avatarurl']); if(!$type) { error($lang->error_invalidavatarurl); } if($width && $height && $mybb->settings['maxavatardims'] != "") { list($maxwidth, $maxheight) = explode("x", $mybb->settings['maxavatardims']); if(($maxwidth && $width > $maxwidth) || ($maxheight && $height > $maxheight)) { $lang->error_avatartoobig = sprintf($lang->error_avatartoobig, $maxwidth, $maxheight); error($lang->error_avatartoobig); } }
--
--------------------
2. inc/functions.php (Version number change)
--------------------
Find: (Version number change)
--
$mybboard['internalver'] = "1.1.6"; $mybboard['vercode'] = "116";
--
Replace with:
--
$mybboard['internalver'] = "1.1.7"; $mybboard['vercode'] = "117";
--
--------------------
3.
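Review bot: In the first usercp.php replacement, `str_replace("..", "", $mybb->input['gallery'])` is a deny-list on a user-supplied directory name: it removes the two-dot sequence but does not establish that `$gallery` names a directory inside the avatar gallery. An allow-list is the sturdier check here; compare the value against the gallery directories that actually exist and call `error()` on a miss, and record the intent above the assignment with `// gallery comes from the request: accept only a known gallery directory name`. The new condition tests `$activegallery`, which is assigned outside this fragment, so confirm it is initialised on every path before this branch. The `if` block opened here closes outside the fragment.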
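Review bot: In the second usercp.php replacement, `@getimagesize($mybb->input['avatarurl'])` has the server open a user-supplied URL, and the replacement removes the extension check without adding any check on the scheme in the visible lines. Unless the URL is validated earlier in usercp.php (not shown here), a guard before the call such as `if(!preg_match("#^https?://#i", $mybb->input['avatarurl'])) { error($lang->error_invalidavatarurl); }` would keep the fetch to web URLs. A scheme check does not stop requests to hosts on the board's internal network, so where that matters the resolved host needs checking as well. The `@` also hides fetch failures from the logs; the `!$type` test covers the failure case for the user, but logging it would help an administrator spot probing.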
inc/languages/english/usercp.lang.php (If you use another language, you'll need to edit the same file in the corresponding language directory)
--------------------
Find:
--
?>
--
ABOVE it add:
--
$l['error_invalidavatarurl'] = "The URL you entered for your avatar does not appear to be valid. Please ensure you enter a valid URL.";
--