From e711262768368abe2edaa4924736702856fb68ee Mon Sep 17 00:00:00 2001
From: "Eric Johansson (neku)"
Date: Tue, 6 Oct 2015 00:44:30 +0200
Subject: [PATCH] Update core.php

Extension blacklist
---
 includes/core.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/includes/core.php b/includes/core.php
index 42f7961..106cc1e 100644
--- a/includes/core.php
+++ b/includes/core.php
@@ -2,10 +2,15 @@ function save_file ($file, $name, $arg){
 //Where to save
 $path='/home/neku/www/files/';
+ //Ext blacklist
+ $block = array('exe', 'scr', 'rar', 'zip', 'com', 'vbs', 'bat', 'cmd', 'html', 'htm', 'msi');
 //Generate name depending on arg
 switch($arg){
 case 'random':
 $ext = pathinfo($file.$name, PATHINFO_EXTENSION);
+ $ext = strtolower($ext);
+ if(in_array($ext, $block)){
+ die('File type not allowed.');}
 $file_name = gen_name('random', $ext);
 while(file_exists($path.$file_name)){
 $file_name = gen_name('random', $ext);
@@ -14,7 +19,11 @@ function save_file ($file, $name, $arg){
 case 'custom_original':
 $name = stripslashes(str_replace('/', '', $name));
 $name = strip_tags(preg_replace('/\s+/', '', $name));
- $file_name = gen_name('custom_original', $name);
+ $file_name = gen_name('custom_original', $name);
+ $ext = pathinfo($file_name, PATHINFO_EXTENSION);
+ $ext = strtolower($ext);
+ if(in_array($ext, $block)){
+ die('File type not allowed.');}
 while(file_exists($path.$file_name)){
 $file_name = gen_name('custom_original', $name);
 }
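Review bot: The `$block` list added in the first hunk contains no server-side script extension — `php`, `phtml`, `php3`/`php5`/`php7`, `phar`, `shtml`, `htaccess` are all absent — so the check in the `case 'random':` branch still admits exactly the upload type that would execute if `/home/neku/www/files/` is served by the same PHP-enabled web server, which the path suggests but the hunk does not show. A deny-list is the wrong shape for this control because every omission is a bypass; an allow-list of the types the application actually expects, along the lines of `$allow = array('png', 'jpg', 'jpeg', 'gif', 'txt', 'pdf'); if(!in_array($ext, $allow, true)){ die('File type not allowed.'); }`, fails closed instead, and if the blacklist is kept it needs at least the PHP variants and `htaccess` (note `pathinfo('.htaccess', PATHINFO_EXTENSION)` returns `htaccess`, so that entry would work). `in_array` here is non-strict; the values are all strings so it is harmless today, but passing `true` costs nothing. Be aware that `$ext` comes from `$file.$name`, i.e. a caller-supplied name, so this gates only on what the client called the file, never on its content. `save_file` begins at line 1 and continues past the hunk.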
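Review bot: In the `case 'custom_original':` branch the extension check is applied to the `$file_name` returned by `gen_name`, but the `while(file_exists(...))` loop right below it calls `gen_name` again and overwrites `$file_name` after the check; if `gen_name` can alter the extension on a collision (its body is outside this hunk, so that cannot be confirmed here), the name actually written to disk is unchecked. Moving the three check lines below the loop, or checking `pathinfo($name, PATHINFO_EXTENSION)` directly since `$name` is what `gen_name` is fed, closes that window. The same four lines are now duplicated in both branches; a small helper such as `function ext_allowed($ext, $block){ return !in_array(strtolower($ext), $block, true); }` called once after the `switch` would keep the two copies from drifting. Separately, `die()` inside a library function terminates the whole request with a bare message; returning false or throwing an exception lets the caller decide how to report the rejection. `save_file` begins at line 1 and continues past the hunk.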