Check file extension for image uploads
authorJoshua Rüsweg <josh@bastelstu.be>
Thu, 31 Jan 2019 15:28:30 +0000 (16:28 +0100)
committerJoshua Rüsweg <josh@bastelstu.be>
Thu, 31 Jan 2019 15:28:30 +0000 (16:28 +0100)
See #2825

wcfsetup/install/files/lib/action/AJAXFileUploadAction.class.php

index 98a4070d02bf44fc6636fde2bd81c58c33f75be1..bb3e6c8f1187bd7156282cd4fc375dbb871057ed 100644 (file)
@@ -100,6 +100,17 @@ class AJAXFileUploadAction extends AbstractSecureAction {
                                                continue;
                                        }
                                }
+                               
+                               $allowedExtensions = ['jpeg', 'jpg', 'png', 'gif'];
+                               if ($field->svgImagesAllowed()) $allowedExtensions[] = 'svg';
+                               
+                               if (!in_array(pathinfo($_FILES['__files']['name'][$id], PATHINFO_EXTENSION), $allowedExtensions)) {
+                                       $response['error'][$i++] = [
+                                               'filename' => $_FILES['__files']['name'][$id],
+                                               'errorMessage' => WCF::getLanguage()->get('wcf.upload.error.noImage')
+                                       ];
+                                       continue;
+                               }
                        }
                        
                        $tmpFile = FileUtil::getTemporaryFilename('fileUpload_');
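Review bot: The extension check at line 19 is case-sensitive, so a file named `photo.JPG` or `logo.PNG` fails the `in_array` lookup against the lowercase list and is rejected with the `wcf.upload.error.noImage` message; the comparison should lowercase the extension first and use a strict match, e.g. `if (!in_array(strtolower(pathinfo($_FILES['__files']['name'][$id], PATHINFO_EXTENSION)), $allowedExtensions, true)) {`. Note also that `$_FILES[...]['name']` is the client-supplied filename, so this allowlist only constrains what the server will later save under, and presumably the earlier checks above the hunk (the `continue` at line 12) still validate the actual file content — worth a one-line comment on line 16 such as `// extension allowlist complements the content check above; the client name is not trusted on its own` so the next maintainer does not treat it as the sole image validation. The enclosing method starts and ends outside the hunk, and `$i` is declared before it.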