Révision cd5c298a
Ajouté par Geoffroy Desvernay il y a plus de 5 ans
| drupal7/includes/file.inc | ||
|---|---|---|
| 1534 | 1534 |
// rename filename.php.foo and filename.php to filename.php.foo.txt and |
| 1535 | 1535 |
// filename.php.txt, respectively). Don't rename if 'allow_insecure_uploads' |
| 1536 | 1536 |
// evaluates to TRUE. |
| 1537 |
if (!variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|pl|py|cgi|asp|js)(\.|$)/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
|
|
| 1537 |
if (!variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
|
|
| 1538 | 1538 |
$file->filemime = 'text/plain'; |
| 1539 |
$file->uri .= '.txt';
|
|
| 1539 |
// The destination filename will also later be used to create the URI.
|
|
| 1540 | 1540 |
$file->filename .= '.txt'; |
| 1541 | 1541 |
// The .txt extension may not be in the allowed list of extensions. We have |
| 1542 | 1542 |
// to add it here or else the file upload will fail. |
Formats disponibles : Unified diff
MAJ 7.60 -> 7.62