From 409e09c9861f7fa0b89b7c62788fc9b21cc34b6a Mon Sep 17 00:00:00 2001
From: Alexander Ebert <ebert@woltlab.com>
Date: Mon, 23 Dec 2013 16:41:26 +0100
Subject: [PATCH] Proper validation of file extension (supports multipel e.g.
 .tar.gz)

---
 .../upload/DefaultUploadFileValidationStrategy.class.php      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wcfsetup/install/files/lib/system/upload/DefaultUploadFileValidationStrategy.class.php b/wcfsetup/install/files/lib/system/upload/DefaultUploadFileValidationStrategy.class.php
index d1847e7dce..8e0131aa48 100644
--- a/wcfsetup/install/files/lib/system/upload/DefaultUploadFileValidationStrategy.class.php
+++ b/wcfsetup/install/files/lib/system/upload/DefaultUploadFileValidationStrategy.class.php
@@ -39,7 +39,7 @@ class DefaultUploadFileValidationStrategy implements IUploadFileValidationStrate
 	public function __construct($maxFilesize, array $fileExtensions) {
 		$this->maxFilesize = $maxFilesize;
 		$this->fileExtensions = $fileExtensions;
-		$this->fileExtensionRegex = '/^('.str_replace("\n", "|", str_replace('\*', '.*', preg_quote(implode("\n", $fileExtensions), '/'))).')$/i';
+		$this->fileExtensionRegex = '/('.str_replace("\n", "|", str_replace('\*', '.*', preg_quote(implode("\n", $fileExtensions), '/'))).')$/i';
 	}
 	
 	/**
@@ -56,7 +56,7 @@ class DefaultUploadFileValidationStrategy implements IUploadFileValidationStrate
 			return false;
 		}
 		
-		if (!preg_match($this->fileExtensionRegex, $uploadFile->getFileExtension())) {
+		if (!preg_match($this->fileExtensionRegex, mb_strtolower($uploadFile->getFilename()))) {
 			$uploadFile->setValidationErrorType('invalidExtension');
 			return false;
 		}
-- 
2.20.1