when installing an uploaded package file the $_FILES data is passed through a safety filter via JFilterInput::isSafeFile but for short PHP files the check
if ($options['php_tag_in_content'] && strstr($buffer, '<?php'))
BUT if one of the files in the zip file is short e.g.
<?php
defined('_JEXEC') or die('Restricted access');
then the zip algorithm doesn't compress the content when creating the zip package and leaves the raw file content in the zip file. This means that the uploaded file will incorrectly fail this safety check when there is no reason for it to do so.
Labels |
Added:
?
|
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2015-02-26 09:37:04 |
Should be already fixed with #6180
Closing.