Update filemanager.inc.php

Fucntion · Mar 19, 2016 · 416702f · 416702f
1 parent fa75279
commit 416702f
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/mods/_core/file_manager/filemanager.inc.php b/mods/_core/file_manager/filemanager.inc.php
@@ -152,7 +152,6 @@ function preExtractCallBack($p_event, &$p_header) {
 */
  function preImportCallBack($p_event, &$p_header) {
  global $IllegalExtentions;
- $legalExtensions = array("txt", "xml");
 
  if ($p_header['folder'] == 1) {
  return 1;
@@ -165,8 +164,9 @@ function preImportCallBack($p_event, &$p_header) {
  if (strpos($path_parts['dirname'], '..') !== false) {
  return 0;
  }
- # we use a white list, again, we could log here
- if (!in_array($ext, $legalExtentions)) {
+ # we should use a whitelist here instead of a blacklist,
+ # but the code above should stop traversal attacks at least
+ if (in_array($ext, $IllegalExtentions)) {
  return 0;
  }