mbirth/LuckyCoinkydink
Archived
1
0
Fork 0
Code Issues Pull Requests Activity

* Disallow uploading any files with ".php." in the filename

Browse Source 
+      (garvinhicking)
This commit is contained in:
Garvin Hicking
2009-11-16 12:30:30 +00:00
parent fc7da5f2f6
commit 6c87053f31
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/NEWS
View File

@@ -3,6 +3,9 @@
Version 1.5 ()
------------------------------------------------------------------------
* Disallow uploading any files with ".php." in the filename
(garvinhicking)
* Prevent password autocompletion for user passwords to prevent
possible mismatch. In media manager popup, fix bug that did
not properly forward to image selection after upload (onli)

2
include/functions_images.inc.php
View File

@@ -24,7 +24,7 @@ function serendipity_isActiveFile($file) {
return true;
}
$core = preg_match('@\.(php[345]?|[psj]html?|aspx?|cgi|jsp|py|pl)$@i', $file);
$core = preg_match('@\.(php.*|[psj]html?|aspx?|cgi|jsp|py|pl)$@i', $file);
if ($core) {
return true;
}