Changeset 1822

Timestamp:
12/03/2011 10:48:49 PM (2 years ago)
Author:
BrianKoontz
Message:

Prevent uploading of files with multiple extensions. Refs #1097.

Files:
1 modified

  • trunk/actions/files/files.php

    r1752 r1822  
    274274                                        unlink($_FILES['file']['tmp_name']); 
    275275                                } 
    276                                 elseif (preg_match('/.+\.('.$allowed_extensions.')$/i', $_FILES['file']['name'])) 
     276                                elseif (preg_match('/^[^\.]+\.('.$allowed_extensions.')$/i', $_FILES['file']['name'])) 
    277277                                { 
    278278                                        $strippedname = str_replace('\'', '', $_FILES['file']['name']);
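
Review bot: The character class `[^\.]+` on the new line 276 excludes only the dot, so the client-supplied `$_FILES['file']['name']` can still contain path separators, whitespace and control characters, and the unanchored-to-end `$` (no `D` modifier) also matches just before a trailing newline. Consider an allow-list for the base name and an absolute end anchor, for example `/^[A-Za-z0-9_-]+\.('.$allowed_extensions.')\z/i`, since the only other cleanup visible here is the `str_replace` on line 278 that strips single quotes. Note also that names with more than one dot that end in an allowed extension are now rejected, so the branch that handles the non-matching case should tell the user why, and the new restriction deserves a short comment above the `elseif` referencing #1097.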