// Add image verification

git-svn-id: http://dev.prestashop.com/svn/v1/branches/1.5.x@16722 b9a71923-0436-4b27-9f14-aed3839534dd

classes/ImageManager.php

@@ -225,6 +225,30 @@ public static function isRealImage($filename, $file_mime_type = null, $mime_type
 		return false;
 	}
 
+	/**
+	 * Check if image file extension is correct
+	 *
+	 * @static
+	 * @param $filename real filename
+	 * @return bool true if it's correct
+	 */
+	public static function isCorrectImageFileExt($filename)
+	{
+		// Filter on file extension
+		$authorized_extensions = array('gif', 'jpg', 'jpeg', 'jpe', 'png');
+		$name_explode = explode('.', $filename);
+		if (count($name_explode))
+		{
+			$current_extension = strtolower($name_explode[count($name_explode) - 1]);
+			if (!in_array($current_extension, $authorized_extensions))
+				return false;
+		}
+		else
+			return false;
+
+		return true;
+	}
+
 	/**
 	 * Validate image upload (check image type and weight)
 	 *
@@ -240,7 +264,7 @@ public static function validateUpload($file, $max_file_size = 0)
 				$file['size'] / 1000,
 				$max_file_size / 1000
 			);
-		if (!ImageManager::isRealImage($file['tmp_name'], $file['type']))
+		if (!ImageManager::isRealImage($file['tmp_name'], $file['type']) || !ImageManager::isCorrectImageFileExt($file['name']))
 			return Tools::displayError('Image format not recognized, allowed formats are: .gif, .jpg, .png');
 		if ($file['error'])
 			return sprintf(Tools::displayError('Error while uploading image; please change your server\'s settings. (Error code: %s)'), $file['error']);