When entering a long string for allowed_filetypes via the Admin area, the text-area automatically inserts line breaks, which are written to the database as-is.

When $cfg->canUploadFileType($filename) is called from pipe.php, the line breaks become part of the comparison, as they're not being stripped out as part of

$str=ereg_replace(' ','',$this->config);

Any comparison involving an extension that falls on a line-break returns FALSE, instead of TRUE

I solved this on my local copy by inserting the following line after the line quoted above:

$str=ereg_replace("/\n\r|\r\n|\n|\r/", '',$str); //remove line-breaks.

Thus, canUploadFileType() in /include/class.config.php should be edited to read:

function canUploadFileType($filename) {

$ext = preg_replace("/.*\.(.{3,4})$/", "$1", $filename);

$str=ereg_replace(' ','',$this->config); //remove spaces.

$str=ereg_replace("/\n\r|\r\n|\n|\r/", '',$str); //remove line-breaks.

$allowed=$str?explode(',',$str);

return ($ext && is_array($allowed) && in_array(".$ext",$allowed))?TRUE;

}

I'm sure the two ereg_replace calls can be combined into something more elegant, but this gets the job done for me!

Kind regards,

Ebonhand

Write a Reply...