Caused by the file extension check which is done with an in_array($extension, explode('.', $filename)): Any files can be uploaded when the filename contains a defined extension between two dots. It doesn't necessarily need to occur at the end of the filename, which is where the bug lies (but then, cases like "tar.gz" should also be considered).

Which is bad - I think this can be regarded as a critical bug.
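
The check described in the report, next to a suffix-based alternative, as an added example that is not part of the original post and is not filefield's code. The function names, the allowed-extension list and the sample filenames are constructed for illustration; only the `in_array($extension, explode('.', $filename))` expression comes from the report.

```php
<?php
// Added example; function names and sample data are hypothetical.

// Check as described in the report: an allowed extension matching ANY
// dot-separated segment of the filename is accepted.
function extension_allowed_flawed(string $filename, array $allowed): bool {
    $parts = explode('.', strtolower($filename));
    foreach ($allowed as $extension) {
        if (in_array(strtolower($extension), $parts)) {
            return true;
        }
    }
    return false;
}

// Stricter check: the filename must END with ".<extension>". Comparing the
// suffix also handles multi-part extensions such as "tar.gz", which the
// segment-based check can never match.
function extension_allowed_strict(string $filename, array $allowed): bool {
    $name = strtolower(basename($filename));
    foreach ($allowed as $extension) {
        $suffix = '.' . strtolower(ltrim($extension, '.'));
        // Require at least one character before the suffix.
        if (strlen($name) > strlen($suffix)
            && substr($name, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed sample input.
$allowed = ['jpg', 'png', 'tar.gz'];
$samples = ['photo.jpg', 'photo.jpg.bin', 'backup.tar.gz',
            'backup.tar.gz.bin', 'jpg', '.jpg'];

foreach ($samples as $f) {
    printf("%-20s flawed=%-5s strict=%s\n", $f,
        var_export(extension_allowed_flawed($f, $allowed), true),
        var_export(extension_allowed_strict($f, $allowed), true));
}
```

The two functions disagree on `photo.jpg.bin` (accepted only by the segment-based check) and on `backup.tar.gz` (accepted only by the suffix check), which are the two cases the report raises.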

Comments

jpetso

Status: Active » Fixed

Fixed in filefield HEAD with commit #74242, together with issue 155398. One grave bug less, yay.

Anonymous

Status: Fixed » Closed (fixed)