mbirth/LuckyCoinkydink
1
0
Fork 0
Code Issues Pull Requests Activity

* Disallow uploading any files with ".php." in the filename

Browse Source 
+      (garvinhicking)
This commit is contained in:
Garvin Hicking 2009-11-16 12:30:30 +00:00
parent fc7da5f2f6
commit 6c87053f31
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/NEWS
View File

@ -3,6 +3,9 @@
Version 1.5 () Version 1.5 ()
------------------------------------------------------------------------ ------------------------------------------------------------------------
* Disallow uploading any files with ".php." in the filename
(garvinhicking)
* Prevent password autocompletion for user passwords to prevent * Prevent password autocompletion for user passwords to prevent
possible mismatch. In media manager popup, fix bug that did possible mismatch. In media manager popup, fix bug that did
not properly forward to image selection after upload (onli) not properly forward to image selection after upload (onli)

2
include/functions_images.inc.php
View File

@ -24,7 +24,7 @@ function serendipity_isActiveFile($file) {
return true; return true;
} }
$core = preg_match('@\.(php[345]?|[psj]html?|aspx?|cgi|jsp|py|pl)$@i', $file); $core = preg_match('@\.(php.*|[psj]html?|aspx?|cgi|jsp|py|pl)$@i', $file);
if ($core) { if ($core) {
return true; return true;
} }