Ignore:
Timestamp:
12/21/08 05:04:08 (10 years ago)
Author:
gogo
Message:

Security patch - see ticket:1363

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/plugins/ImageManager/Classes/ImageManager.php

    r999 r1143  
    456456                                Return false; 
    457457                        } 
     458                } 
     459     
     460    $valid_extensions = $this->config['allowed_image_extensions']; 
     461    $afruext = strtolower(substr(strrchr($file['name'], "."), 1)); 
     462    if(!in_array($afruext, $valid_extensions)) 
     463                { 
     464                        Files::delFile($file['tmp_name']); 
     465                        Return 'Cannot upload $extension='.$afruext.'$ Files. Permission denied.'; 
    458466                } 
    459467 
Note: See TracChangeset for help on using the changeset viewer.