Disallow certain file extensions (.php and friends by default) since the check for
filetype isn't safe. File type is user input and easily tampered with.
Authored by: hansfn 2014-03-02
Parent: [r4346]
Child: [r4348]