Merge branch '2.8' into 2.9
thorsten committed Dec 1, 2013
2 parents f75787a + 5b66a18 commit 6ebfbba
Showing 1 changed file with 8 additions and 0 deletions.
Expand Up @@ -229,6 +229,14 @@ function moveUploadedFile($dest, $fileBaseName = '', $overwrite=false)
return false;
}

// Don't allow PHP files
$blacklist = array('.php', '.phtml', '.php3', '.php4', '.php5');
foreach ($blacklist as $item) {
if (preg_match("/$item\$/i", $this->_value['tmp_name'])) {
return false;
}
}

// Don't allow nullbytes in uploaded files
$this->_value['tmp_name'] = str_replace(chr(0), '', $this->_value['tmp_name']);
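Review bot: The extension check in the added loop tests `$this->_value['tmp_name']`, which (assuming `_value` holds the `$_FILES` entry) is the server-generated temporary path rather than the name the file is stored under, so it probably never matches and PHP-named uploads still pass. The test belongs on the final destination name that moveUploadedFile writes, which is computed outside this hunk. A denylist also misses any other extension the web server hands to the PHP interpreter, and the unescaped `.` in `"/$item\$/i"` matches any character. An exact allowlist comparison is safer, e.g. `$ext = strtolower(pathinfo($targetName, PATHINFO_EXTENSION));` followed by `if (!in_array($ext, $allowedExtensions, true)) { return false; }`, where `$targetName` and `$allowedExtensions` are placeholder names. The null-byte stripping just below should run before any name check, not after it.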
