mirror of https://github.com/FreshRSS/FreshRSS.git
Security fix in ext.php (#4928)
Details later. Due to https://github.com/FreshRSS/FreshRSS/pull/3433 (1.18.0)
This commit is contained in:
parent
b835c426d4
commit
62afc060a8
|
@ -101,7 +101,8 @@ if (!isset($_GET['f']) ||
|
|||
|
||||
$file_name = urldecode($_GET['f']);
|
||||
$file_type = $_GET['t'];
|
||||
if (empty(SUPPORTED_TYPES[$file_type])) {
|
||||
if (empty(SUPPORTED_TYPES[$file_type]) ||
|
||||
empty(SUPPORTED_TYPES[pathinfo($file_name, PATHINFO_EXTENSION)])) {
|
||||
sendBadRequestResponse('File type is not supported.');
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue