#U4-5901 Fixed Due in version 7.2.0

Remote Code Execution
umbraco · Nov 27, 2014 · cad0650 · cad0650
1 parent d8909fe
commit cad0650
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/Umbraco.Web.UI/config/umbracoSettings.Release.config b/src/Umbraco.Web.UI/config/umbracoSettings.Release.config
@@ -45,7 +45,7 @@
     <MacroErrors>inline</MacroErrors>
 
     <!-- These file types will not be allowed to be uploaded via the upload control for media and content -->
-    <disallowedUploadFiles>ashx,aspx,ascx,config,cshtml,vbhtml,asmx,air,axd,swf,xml,html.htm,svg</disallowedUploadFiles>
+    <disallowedUploadFiles>ashx,aspx,ascx,config,cshtml,vbhtml,asmx,air,axd,swf,xml,html.htm,svg,php</disallowedUploadFiles>
 
     <!-- Defines the default document type property used when adding properties in the back-office (if missing or empty, defaults to Textstring -->
     <defaultDocumentTypeProperty>Textstring</defaultDocumentTypeProperty>

diff --git a/src/Umbraco.Web.UI/config/umbracoSettings.config b/src/Umbraco.Web.UI/config/umbracoSettings.config
@@ -98,7 +98,7 @@
     <MacroErrors>throw</MacroErrors>
 
     <!-- These file types will not be allowed to be uploaded via the upload control for media and content -->
-    <disallowedUploadFiles>ashx,aspx,ascx,config,cshtml,vbhtml,asmx,air,axd,swf,xml,html.htm,svg</disallowedUploadFiles>
+    <disallowedUploadFiles>ashx,aspx,ascx,config,cshtml,vbhtml,asmx,air,axd,swf,xml,html.htm,svg,php</disallowedUploadFiles>
 
     <!-- Defines the default document type property used when adding properties in the back-office (if missing or empty, defaults to Textstring -->
     <defaultDocumentTypeProperty>Textstring</defaultDocumentTypeProperty>