return;
}
- if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && !serendipity_isSafeFile($serendipity['GET']['newname'])) {
+ if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && serendipity_isActiveFile($serendipity['GET']['newname'])) {
printf(ERROR_FILE_FORBIDDEN, $serendipity['GET']['newname']);
return;
}
$tindex = 1;
}
- if (preg_match('@^\.@', $tfile) || ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && (preg_match('@\.(php[34]?|[ps]html?)$@i', $tfile)))) {
+ if ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && serendipity_isActiveFile($tfile)) {
printf(ERROR_FILE_FORBIDDEN, $tfile);
break;
}
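Review bot: The leading-dot test used to reject `$tfile` for every user, but on the new line it only runs when `$serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN`, because `preg_match('@^\.@', $tfile)` has moved into serendipity_isActiveFile(). If hidden or server-configuration files (names starting with a dot) should stay blocked for admins too, keep that test outside the level check: `if (preg_match('@^\.@', $tfile) || ($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && serendipity_isActiveFile($tfile))) {`. If the relaxation is intended, a one-line comment saying so would stop the next reader treating it as a regression. The enclosing loop starts and ends outside the hunk, so it is not visible here whether `$tfile` is normalised (case, trailing characters, path parts) before this test.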
return $out;
}
-function serendipity_isSafeFile($file) {
+function serendipity_isActiveFile($file) {
+ if (preg_match('@^\.@', $file)) {
+ return true;
+ }
+
return preg_match('@\.(php[34]?|[psj]html?|aspx?|cgi|jsp|py|pl)$@i', $file);
}
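Review bot: serendipity_isActiveFile() fails open and is only a denylist on the final suffix. It returns `true` on the dot branch but the raw preg_match() result otherwise, so a PCRE error (`false`) is read by both callers as "not active"; `return preg_match('@\.(php[34]?|[psj]html?|aspx?|cgi|jsp|py|pl)$@i', $file) !== 0;` gives a consistent bool and treats an error as forbidden. Because the pattern is anchored with `$`, a name that has a listed extension followed by another suffix is not flagged, and neither are handler suffixes missing from the list. Testing every dot-separated component, or better an allowlist of permitted media extensions, would be more robust, depending on how the web server maps handlers. A short docblock should state that a truthy result means "reject for non-admin users", since the rename from serendipity_isSafeFile inverted the meaning of the return value.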