File: 15-CVE-2007-2024

phpwiki 1.3.12p3-5etch1
#! /bin/sh /usr/share/dpatch/dpatch-run
## Address CVE-2007-2024 by thijs@debian.org
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: CVE-2007-2024

diff -ur phpwiki-1.3.12p3.orig/lib/plugin/UpLoad.php phpwiki-1.3.12p3/lib/plugin/UpLoad.php
--- phpwiki-1.3.12p3.orig/lib/plugin/UpLoad.php	2006-06-18 13:19:23.000000000 +0200
+++ phpwiki-1.3.12p3/lib/plugin/UpLoad.php	2007-09-09 13:37:48.000000000 +0200
@@ -136,7 +136,7 @@
             $userfile_name = trim(basename($userfile_name));
             $userfile_tmpname = $userfile->getTmpName();
 	    $err_header = HTML::h2(fmt("ERROR uploading '%s': ", $userfile_name));
-            if (preg_match("/(\." . join("|\.", $this->disallowed_extensions) . ")\$/",
+            if (preg_match("/(\." . join("|\.", $this->disallowed_extensions) . ")(\.|\$)/i",
                            $userfile_name))
             {
             	$message->pushContent($err_header);
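Review bot: The new `preg_match` line still interpolates `$this->disallowed_extensions` into the pattern unquoted, and the surrounding `if` treats a `preg_match` error (`false`) the same as "no match", so a list entry containing a regex metacharacter or `/` would make the check fail open. Passing each entry through `preg_quote()` with `/` as the delimiter, and testing the result as `!== 0` so that both a match and a pattern error reject the upload, would make it fail closed. This remains a denylist whose contents are defined outside this hunk, so it cannot be confirmed here that it covers every extension the web server maps to a handler; an allowlist of permitted extensions would be the more robust check. The enclosing method starts and ends outside the hunk.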