From: Joshua Rüsweg
Date: Thu, 31 Jan 2019 15:28:30 +0000 (+0100)
Subject: Check file extension for image uploads
X-Git-Tag: 5.2.0_Alpha_1~296^2~11
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=a59e1fbbf2eea4f486386887676a1c509cc6959d;p=GitHub%2FWoltLab%2FWCF.git
Check file extension for image uploads
See #2825
---
diff --git a/wcfsetup/install/files/lib/action/AJAXFileUploadAction.class.php b/wcfsetup/install/files/lib/action/AJAXFileUploadAction.class.php
index 98a4070d02..bb3e6c8f11 100644
--- a/wcfsetup/install/files/lib/action/AJAXFileUploadAction.class.php
+++ b/wcfsetup/install/files/lib/action/AJAXFileUploadAction.class.php
@@ -100,6 +100,17 @@ class AJAXFileUploadAction extends AbstractSecureAction {
 continue;
 }
 }
+
+ $allowedExtensions = ['jpeg', 'jpg', 'png', 'gif'];
+ if ($field->svgImagesAllowed()) $allowedExtensions[] = 'svg';
+
+ if (!in_array(pathinfo($_FILES['__files']['name'][$id], PATHINFO_EXTENSION), $allowedExtensions)) {
+ $response['error'][$i++] = [
+ 'filename' => $_FILES['__files']['name'][$id],
+ 'errorMessage' => WCF::getLanguage()->get('wcf.upload.error.noImage')
+ ];
+ continue;
+ }
 }
 $tmpFile = FileUtil::getTemporaryFilename('fileUpload_');
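Review bot: The new extension check compares the raw `pathinfo()` result against a lowercase allow-list with a non-strict `in_array`, so a file named `photo.JPG` or `logo.Png` is rejected with `wcf.upload.error.noImage` even though the content checks that appear to precede this block (the `continue;` context above) accepted it; normalise before comparing and pass `strict: true`: `$extension = strtolower(pathinfo($_FILES['__files']['name'][$id], PATHINFO_EXTENSION));` followed by `if (!in_array($extension, $allowedExtensions, true)) {`. Note also that `$_FILES[...]['name']` is a client-supplied string, so this check can only complement, never replace, the content-based image validation; a comment such as `// extension is taken from the client-supplied filename and is only a sanity check on top of the content validation above` would make that intent explicit. If `svg` is admitted via `$field->svgImagesAllowed()`, the caller presumably sanitises or serves SVG with a non-inline disposition elsewhere, since SVG can carry script — worth confirming, as nothing in this hunk does so. The enclosing method starts and ends outside the hunk.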