Fix the list of allowed file extensions when containing dots

author Alexander Ebert <ebert@woltlab.com>

Wed, 7 Aug 2024 11:39:52 +0000 (13:39 +0200)

committer Alexander Ebert <ebert@woltlab.com>

Wed, 7 Aug 2024 11:39:52 +0000 (13:39 +0200)
author Alexander Ebert <ebert@woltlab.com>
Wed, 7 Aug 2024 11:39:52 +0000 (13:39 +0200)
committer Alexander Ebert <ebert@woltlab.com>
Wed, 7 Aug 2024 11:39:52 +0000 (13:39 +0200)
diff --git a/wcfsetup/install/files/lib/system/file/processor/FileProcessor.class.php b/wcfsetup/install/files/lib/system/file/processor/FileProcessor.class.php

index 1e45efebecd568735571da37ea8a7f6619afbec6..e09a201fb89865d5f48b6b0b2797d4650bcbeb29 100644 (file)
--- a/wcfsetup/install/files/lib/system/file/processor/FileProcessor.class.php
+++ b/wcfsetup/install/files/lib/system/file/processor/FileProcessor.class.php
@@ -76,6 +76,16 @@ final class FileProcessor extends SingletonFactory
          if (\in_array('*', $allowedFileExtensions)) {
              $allowedFileExtensions = '';
          } else {
+            // The `accept` attribute of `input[type="file"]` is a bit weird and
+            // only validates against the string to the right of the last
+            // period. This means an extension `.tar.gz` can never match.
+            $allowedFileExtensions = \array_unique(
+                \array_map(
+                    static fn(string $fileExtension) => \preg_replace('~.*?([^.]+)$~', '\\1', $fileExtension),
+                    $allowedFileExtensions,
+                ),
+            );
+
              $allowedFileExtensions = \implode(
                  ',',
                  \array_map(
author	Alexander Ebert <ebert@woltlab.com>
	Wed, 7 Aug 2024 11:39:52 +0000 (13:39 +0200)
committer	Alexander Ebert <ebert@woltlab.com>
	Wed, 7 Aug 2024 11:39:52 +0000 (13:39 +0200)