From 05bf4657f3bd6dde3a05ed4e79ba2e56035c31ce Mon Sep 17 00:00:00 2001
From: Alexander Ebert <ebert@woltlab.com>
Date: Mon, 30 Sep 2024 16:30:04 +0200
Subject: [PATCH] Validate the file extensions using lower case
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Previously a check could fail if, for example, â.pngâ is allowed but the uploaded file uses the uppercase â.PNGâ extension.
---
 ts/WoltLabSuite/Core/Component/File/Upload.ts                 | 4 ++--
 .../files/js/WoltLabSuite/Core/Component/File/Upload.js       | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ts/WoltLabSuite/Core/Component/File/Upload.ts b/ts/WoltLabSuite/Core/Component/File/Upload.ts
index a44178222b..8f7fe935e4 100644
--- a/ts/WoltLabSuite/Core/Component/File/Upload.ts
+++ b/ts/WoltLabSuite/Core/Component/File/Upload.ts
@@ -239,11 +239,11 @@ function validateFileSize(element: WoltlabCoreFileUploadElement, file: File): bo
 }
 
 function validateFileExtension(element: WoltlabCoreFileUploadElement, file: File): boolean {
-  const fileExtensions = (element.dataset.fileExtensions || "*").split(",");
+  const fileExtensions = (element.dataset.fileExtensions || "*").toLowerCase().split(",");
   for (const fileExtension of fileExtensions) {
     if (fileExtension === "*") {
       return true;
-    } else if (file.name.endsWith(fileExtension)) {
+    } else if (file.name.toLowerCase().endsWith(fileExtension)) {
       return true;
     }
   }
diff --git a/wcfsetup/install/files/js/WoltLabSuite/Core/Component/File/Upload.js b/wcfsetup/install/files/js/WoltLabSuite/Core/Component/File/Upload.js
index 157795b935..227c871344 100644
--- a/wcfsetup/install/files/js/WoltLabSuite/Core/Component/File/Upload.js
+++ b/wcfsetup/install/files/js/WoltLabSuite/Core/Component/File/Upload.js
@@ -157,12 +157,12 @@ define(["require", "exports", "tslib", "WoltLabSuite/Core/Helper/Selector", "Wol
         return false;
     }
     function validateFileExtension(element, file) {
-        const fileExtensions = (element.dataset.fileExtensions || "*").split(",");
+        const fileExtensions = (element.dataset.fileExtensions || "*").toLowerCase().split(",");
         for (const fileExtension of fileExtensions) {
             if (fileExtension === "*") {
                 return true;
             }
-            else if (file.name.endsWith(fileExtension)) {
+            else if (file.name.toLowerCase().endsWith(fileExtension)) {
                 return true;
             }
         }
-- 
2.20.1