From 6c87053f318afe1f9d21f881863b6c414417c3c7 Mon Sep 17 00:00:00 2001
From: Garvin Hicking
Date: Mon, 16 Nov 2009 12:30:30 +0000
Subject: [PATCH] * Disallow uploading any files with ".php." in the filename + (garvinhicking)
---
 docs/NEWS | 3 +++
 include/functions_images.inc.php | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/docs/NEWS b/docs/NEWS
index 28bcbc49..abd8afa6 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -3,6 +3,9 @@ Version 1.5 ()
 ------------------------------------------------------------------------
+ * Disallow uploading any files with ".php." in the filename
+ (garvinhicking)
+
 * Prevent password autocompletion for user passwords to prevent possible mismatch. In media manager popup, fix bug that did not properly forward to image selection after upload (onli)
diff --git a/include/functions_images.inc.php b/include/functions_images.inc.php
index 258eb8be..cff7be13 100644
--- a/include/functions_images.inc.php
+++ b/include/functions_images.inc.php
@@ -24,7 +24,7 @@ function serendipity_isActiveFile($file) {
 return true;
 }
- $core = preg_match('@\.(php[345]?|[psj]html?|aspx?|cgi|jsp|py|pl)$@i', $file);
+ $core = preg_match('@\.(php.*|[psj]html?|aspx?|cgi|jsp|py|pl)$@i', $file);
 if ($core) {
 return true;
 }
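Review bot: The new `php.*` alternative covers a non-final extension only for PHP; the other entries in the `$core` pattern (`[psj]html?|aspx?|cgi|jsp|py|pl`) are still anchored to the last suffix, so names like `x.phtml.jpg` or `x.pl.txt` are still not reported as active by this check. On web servers that attach handlers per extension rather than by final suffix (Apache mod_mime does this with AddHandler), those names carry the same exposure the commit is closing for `.php.`. A pattern that treats every listed extension as a filename component would cover both cases, for example `$core = preg_match('@\.(php[^.]*|[psj]html?|aspx?|cgi|jsp|py|pl)(\.|$)@i', $file);`, at the cost of rejecting some harmless names such as `notes.py.txt`. A short comment above the line stating that the match is deliberately broader than the final extension would also keep a later edit from narrowing it again. The body of serendipity_isActiveFile starts and ends outside this hunk, so any later checks in the function are not visible here.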