Add FileUtil::extensionAllowsPhpExecution()

see WoltLab/com.woltlab.gallery@708e0a8707508c3e45b08ab6a8ae5083eabf00b7

diff --git a/wcfsetup/install/files/lib/util/FileUtil.class.php b/wcfsetup/install/files/lib/util/FileUtil.class.php
index bc8f58f800d28dc194052353dedf0947ffc65d89..4cc115f82d34b2dd8f43dc5dc7e1bc9034e49fc4 100644 (file)
--- a/wcfsetup/install/files/lib/util/FileUtil.class.php
+++ b/wcfsetup/install/files/lib/util/FileUtil.class.php
@@ -739,6 +739,16 @@ final class FileUtil
         return '';
     }
 
+    /**
+     * Returns whether the given $extension might allow for execution of
+     * PHP code and thus must not be used for untrusted files uploaded by
+     * a user.
+     */
+    public function extensionAllowsPhpExecution(string $extension): bool
+    {
+        return !!\preg_match('/^\.?(php[0-9]*|phtml)$/', $extension);
+    }
+
     /**
      * Forbid creation of FileUtil objects.
      */