--- a/branches/2.3.x/pivotx/fileupload.php
+++ b/branches/2.3.x/pivotx/fileupload.php
@@ -80,11 +80,12 @@
// (We take care to handle double extensions like "whatever.php.jpg".)
$disallowedextensions = array_map('trim', explode(',', getDefault($PIVOTX['config']->get('upload_disallowed_extensions'), '.php,.php\d')));
foreach ($disallowedextensions as $ext) {
- $pattern = "/($ext)(\.|$)/i";
+ $pattern = '/(\\' . $ext . ')(?=(\.|$))/i';
if (preg_match($pattern, $fileName)) {
$msg = sprintf(__("File (%s) with illegal file extension (%s) uploaded - filename altered."), $fileName, $ext);
debug($msg);
- $fileName = preg_replace($pattern, '$1_$2', $fileName);
+ $fileName = preg_replace($pattern, '$1_', $fileName);
+ $fileName .= '.txt';
break;
}
}
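Review bot: The backslash prepended to `$ext` in the new `$pattern` line assumes every entry in `upload_disallowed_extensions` starts with a literal dot; an entry written as `php`, or an empty entry left by a trailing comma, turns into `\php` or `\)`, which PCRE will most likely reject or read as something other than the intended extension. `preg_match` then returns `false`, the `if` treats that as "no match", and the upload keeps its original name, so the filter fails open on a configuration typo. Normalising the entry first would avoid this: `$ext = ltrim($ext, '.'); if ($ext === '') { continue; }` followed by `$pattern = '/(\.' . $ext . ')(?=(\.|$))/i';`. Separately, the unchanged `break` stops at the first matching entry, so a name such as `a.php5.php` (constructed example) is altered for `.php` but keeps `.php5` in the middle; removing the `break` and appending `.txt` once after the loop would neutralise every listed extension in the name.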