reset upload_banned_exts to new default

WackoWiki · Mar 10, 2023 · 40a17a7 · 40a17a7
1 parent 37d5e87
commit 40a17a7
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 3 deletions.
diff --git a/src/admin/module/config_upload.php b/src/admin/module/config_upload.php
@@ -68,7 +68,7 @@ function admin_config_upload($engine, $module)
 			}
 		}
 
-		$p_allowed_exts	= $_POST['upload_allowed_exts'] ?? '';
+		$p_allowed_exts	= trim($_POST['upload_allowed_exts'] ?? '');
 
 		// validate upload_allowed_exts parameter, e.g (png, ogg, mp4)
 		$sanitize_exts = function($extensions) use ($engine)
@@ -80,6 +80,7 @@ function admin_config_upload($engine, $module)
 
 			$banned_exts	= $engine->get_filetype_list($engine->db->upload_banned_exts);
 			$allowed_exts	= $engine->get_filetype_list($extensions);
+			$allowed		= [];
 
 			foreach ($allowed_exts as $ext)
 			{
@@ -90,9 +91,16 @@ function admin_config_upload($engine, $module)
 				}
 			}
 
-			sort($allowed);
+			if ($allowed)
+			{
+				sort($allowed);
 
-			return implode(', ', array_unique($allowed));
+				return implode(', ', array_unique($allowed));
+			}
+			else
+			{
+				return '';
+			}
 		};
 
 		$allowed_exts = $sanitize_exts($p_allowed_exts);

diff --git a/src/setup/install-database.php b/src/setup/install-database.php
@@ -84,6 +84,12 @@
 	{
 		$config['typografica']	= $config['default_typografica'];
 	}
+
+	if (version_compare($config['wacko_version'], '6.1.19', '<'))
+	{
+		// reset extensions to new default
+		$config['upload_banned_exts']	= 'asa, asax, ascx, ashx, asmx, asp, aspx, axd, bat, cdx, cer, cgi, cmd, com, config, cpl, csproj, cs, dll, exe, htm, html, htr, htw, ida, idc, idq, jhtml, js, jsb, jsp, licx, mht, mhtml, msi, phar, php, php3, php4, php5, php7, pht, phtm, phtml, pif, pl, printer, py, rem, resources, resx, scr, shtm, shtml, soap, ssi, stm, vb, vbproj, vbs, vdisco, vxd, webinfo, xap, xht, xhtm, xhtml';
+	}
 }
 
 /*