From cdeccbb9ba041b47aec0b6e6cc7acea268cf32ad Mon Sep 17 00:00:00 2001
From: Michael Foster <savetheinternet@tinyboard.org>
Date: Mon, 26 Aug 2013 12:13:40 +1000
Subject: [PATCH] Uploading files via URL: fix for URL parameters (eg.
 image.png?id=343543)

---
 post.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/post.php b/post.php
index df7fe435..7ab1eb59 100644
--- a/post.php
+++ b/post.php
@@ -273,8 +273,12 @@ if (isset($_POST['delete'])) {
 		if (!preg_match($config['url_regex'], $post['file_url']))
 			error($config['error']['invalidimg']);
 		
-		
-		$post['extension'] = strtolower(mb_substr($post['file_url'], mb_strrpos($post['file_url'], '.') + 1));
+		if (mb_strpos($post['file_url'], '?') !== false)
+			$url_without_params = mb_substr($post['file_url'], 0, mb_strpos($post['file_url'], '?'));
+		else
+			$url_without_params = $post['file_url'];
+
+		$post['extension'] = strtolower(mb_substr($url_without_params, mb_strrpos($url_without_params, '.') + 1));
 		if (!in_array($post['extension'], $config['allowed_ext']) && !in_array($post['extension'], $config['allowed_ext_files']))
 			error($config['error']['unknownext']);
 
@@ -305,7 +309,7 @@ if (isset($_POST['delete'])) {
 		fclose($fp);
 
 		$_FILES['file'] = array(
-			'name' => basename($post['file_url']),
+			'name' => basename($url_without_params),
 			'tmp_name' => $post['file_tmp'],
 			'error' => 0,
 			'size' => filesize($post['file_tmp'])