Security fix in ext.php (#4928)

Details later. Due to https://github.com/FreshRSS/FreshRSS/pull/3433 (1.18.0)
2022-12-08 10:25:57 +01:00 · 2022-12-08 10:25:57 +01:00 · 62afc060a8
parent b835c426d4
commit 62afc060a8
1 changed files with 2 additions and 1 deletions
--- a/p/ext.php
+++ b/p/ext.php
@ -101,7 +101,8 @@ if (!isset($_GET['f']) ||

 $file_name = urldecode($_GET['f']);
 $file_type = $_GET['t'];
-if (empty(SUPPORTED_TYPES[$file_type])) {
+if (empty(SUPPORTED_TYPES[$file_type]) ||
+	empty(SUPPORTED_TYPES[pathinfo($file_name, PATHINFO_EXTENSION)])) {
 	sendBadRequestResponse('File type is not supported.');
 }