chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

[svn r14073] Updated php2phps regexp to cope with the security flaw making possible interpretation of PHP scripts when uploaded with a *.php.* filename - see FS#2152

Browse Source
skala
Yannick Warnier 18 years ago
parent 46cdd7148b
commit 6b522c183b
1 changed files with 2 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      main/inc/lib/fileUpload.lib.php

4
main/inc/lib/fileUpload.lib.php
Unescape View File

@ -106,7 +106,7 @@ function replace_dangerous_char($filename, $strict = 'loose')
function php2phps ($fileName)
{
$fileName = eregi_replace("\.(php.?|phtml)$", ".phps", $fileName);
$fileName = preg_replace('/\.(php.?|phtml.?)\..*$/', '.phps', $fileName);
return $fileName;
}
@ -1097,7 +1097,7 @@ function filter_extension(&$filename)
{
$extensions = split(';',strtolower(api_get_setting('upload_extensions_blacklist')));
$skip = api_get_setting('upload_extensions_skip');
$ext = strrchr($filename, ".");
$ext = strrchr($filename, ".");
$ext = substr($ext,1);
if(empty($ext)){return 1;}//we're in blacklist mode, so accept empty extensions
if(in_array(strtolower($ext),$extensions))

Write Preview
Loading…
Cancel
Save