Ignore:
Timestamp:
12/21/08 05:04:08 (10 years ago)
Author:
gogo
Message:

Security patch - see ticket:1363

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/plugins/ImageManager/Classes/ImageEditor.php

    r999 r1143  
    260260                        Return $base.'.gif'; 
    261261 
     262    // Ensure type is in acceptable image types 
     263    $valid_extensions = $this->manager->config['allowed_image_extensions'];     
     264    if(!in_array($ext, $valid_extensions)) 
     265                { 
     266      return $base . ".".strtolower($type ? $type : 'jpg'); 
     267                } 
     268     
    262269                Return $filename; 
    263270        } 
Note: See TracChangeset for help on using the changeset viewer.