It's still 2016 and the links are now clickable. This was supposed to be done before posting the blog post but was unfortunately overlooked. There are nicer ways of saying this, too.
canonknipser wrote:The mentioned blog-posting is true for phpbb core functions.
But what about extensions or 3.0-Mods?
I remember that the very popular NV-Gallery-Mod had its own image-upload and -resize functions and did not use the phpbb-core functions for attachments.
While we can't guarantee this for all MODS, Extensions, etc., Mods like nickvergessen's Gallery Mod seem to use phpBB's upload classes and therefore also don't seem to be vulnerable as the image checking is done during the upload.