From a59e1fbbf2eea4f486386887676a1c509cc6959d Mon Sep 17 00:00:00 2001
From: =?utf8?q?Joshua=20R=C3=BCsweg?=
Date: Thu, 31 Jan 2019 16:28:30 +0100
Subject: [PATCH] Check file extension for image uploads

See #2825
---
 .../files/lib/action/AJAXFileUploadAction.class.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/wcfsetup/install/files/lib/action/AJAXFileUploadAction.class.php b/wcfsetup/install/files/lib/action/AJAXFileUploadAction.class.php
index 98a4070d02..bb3e6c8f11 100644
--- a/wcfsetup/install/files/lib/action/AJAXFileUploadAction.class.php
+++ b/wcfsetup/install/files/lib/action/AJAXFileUploadAction.class.php
@@ -100,6 +100,17 @@ class AJAXFileUploadAction extends AbstractSecureAction {
 					continue;
 				}
 			}
+			
+			$allowedExtensions = ['jpeg', 'jpg', 'png', 'gif'];
+			if ($field->svgImagesAllowed()) $allowedExtensions[] = 'svg';
+			
+			if (!in_array(pathinfo($_FILES['__files']['name'][$id], PATHINFO_EXTENSION), $allowedExtensions)) {
+				$response['error'][$i++] = [
+					'filename' => $_FILES['__files']['name'][$id],
+					'errorMessage' => WCF::getLanguage()->get('wcf.upload.error.noImage')
+				];
+				continue;
+			}
 		}
 		
 		$tmpFile = FileUtil::getTemporaryFilename('fileUpload_');
-- 
2.20.1
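Review bot: The extension comparison in the new `in_array` check is case-sensitive, so a legitimate `photo.JPG` or `logo.PNG` is rejected with `wcf.upload.error.noImage`; lower-case the extension before matching and pass the strict flag: `if (!in_array(strtolower(pathinfo($_FILES['__files']['name'][$id], PATHINFO_EXTENSION)), $allowedExtensions, true)) {`. The extension is taken from the client-supplied file name, so this check only constrains naming and should remain in addition to, not instead of, whatever content validation the `continue` branches above the hunk perform (those checks are cut off above the hunk, so I cannot confirm what they verify). The braceless `if ($field->svgImagesAllowed()) $allowedExtensions[] = 'svg';` would read more consistently with the braced block that follows. The enclosing loop and method both start outside the hunk.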