Revision cd5c298a
Added by Geoffroy Desvernay over 5 years ago
drupal7/includes/file.inc | ||
---|---|---|
1534 | 1534 |
// rename filename.php.foo and filename.php to filename.php.foo.txt and |
1535 | 1535 |
// filename.php.txt, respectively). Don't rename if 'allow_insecure_uploads' |
1536 | 1536 |
// evaluates to TRUE. |
1537 |
if (!variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|pl|py|cgi|asp|js)(\.|$)/i', $file->filename) && (substr($file->filename, -4) != '.txt')) { |
|
1537 |
if (!variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
|
|
1538 | 1538 |
$file->filemime = 'text/plain'; |
1539 |
$file->uri .= '.txt';
|
|
1539 |
// The destination filename will also later be used to create the URI.
|
|
1540 | 1540 |
$file->filename .= '.txt'; |
1541 | 1541 |
// The .txt extension may not be in the allowed list of extensions. We have |
1542 | 1542 |
// to add it here or else the file upload will fail. |
Also available in: Unified diff
MAJ 7.60 -> 7.62