From: Alexander Ebert <ebert@woltlab.com>
Date: Mon, 23 Dec 2013 15:41:26 +0000 (+0100)
Subject: Proper validation of file extension (supports multipel e.g. .tar.gz)
X-Git-Tag: 2.0.1~19^2~2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=409e09c9861f7fa0b89b7c62788fc9b21cc34b6a;p=GitHub%2FWoltLab%2FWCF.git

Proper validation of file extension (supports multipel e.g. .tar.gz)
---

diff --git a/wcfsetup/install/files/lib/system/upload/DefaultUploadFileValidationStrategy.class.php b/wcfsetup/install/files/lib/system/upload/DefaultUploadFileValidationStrategy.class.php
index d1847e7dce..8e0131aa48 100644
--- a/wcfsetup/install/files/lib/system/upload/DefaultUploadFileValidationStrategy.class.php
+++ b/wcfsetup/install/files/lib/system/upload/DefaultUploadFileValidationStrategy.class.php
@@ -39,7 +39,7 @@ class DefaultUploadFileValidationStrategy implements IUploadFileValidationStrate
 	public function __construct($maxFilesize, array $fileExtensions) {
 		$this->maxFilesize = $maxFilesize;
 		$this->fileExtensions = $fileExtensions;
-		$this->fileExtensionRegex = '/^('.str_replace("\n", "|", str_replace('\*', '.*', preg_quote(implode("\n", $fileExtensions), '/'))).')$/i';
+		$this->fileExtensionRegex = '/('.str_replace("\n", "|", str_replace('\*', '.*', preg_quote(implode("\n", $fileExtensions), '/'))).')$/i';
 	}
 	
 	/**
@@ -56,7 +56,7 @@ class DefaultUploadFileValidationStrategy implements IUploadFileValidationStrate
 			return false;
 		}
 		
-		if (!preg_match($this->fileExtensionRegex, $uploadFile->getFileExtension())) {
+		if (!preg_match($this->fileExtensionRegex, mb_strtolower($uploadFile->getFilename()))) {
 			$uploadFile->setValidationErrorType('invalidExtension');
 			return false;
 		}