Last modified: 2010-05-15 15:28:04 UTC
When uploading a file which contains a . in the filename, the file extension is improperly reported
from implode(). For example, when uploading "ADFVersion1.0.doc", the file extension is determined
Created attachment 363 [details]
SpecialUpload.php (against HEAD and REL1_4)
A patch against HEAD and REL1_4 which fixes the issue.
Multiple extensions are checked to protect against multiple extension attacks, such
as uploading "Hack.php.ogg" which would in older versions be passed as OGG but
on some web server configurations would be interpreted as executable PHP.
*** Bug 3836 has been marked as a duplicate of this bug. ***