prevent swf/flash uploads in elFinder to prevent malicious code uploa…

…d; reported by DM_
exponentcms · Nov 3, 2016 · b276cf4 · b276cf4
1 parent 6172f67
commit b276cf4
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/framework/modules/file/connector/elfinder.php b/framework/modules/file/connector/elfinder.php
@@ -226,7 +226,7 @@ protected function write($log, $eol=false)
         }
     }
 
-} // END class 
+} // END class
 //$logger = new elFinderSimpleLogger(BASE.'tmp/elfinder.log');
 
 /**
@@ -279,7 +279,7 @@ public function fsAccess($attr, $path, $data, $volume)
         return true;
     }
 
-} // END class 
+} // END class
 //$acl = new elFinderTestACL();
 
 /**
@@ -370,9 +370,9 @@ function validName($name)
             'accessControl'   => 'access',
             // 'accessControl' => array($acl, 'fsAccess'),
             // 'accessControlData' => array('uid' => 1),
-            'uploadDeny'      => array('all'),
             'uploadAllow'     => array('all'),
-            'uploadOrder'     => 'deny,allow',
+            'uploadDeny'      => array('application/x-shockwave-flash'),
+            'uploadOrder'     => 'allow,deny',
             'uploadOverwrite' => true,
 //            'uploadMaxSize'   => '128m',
             // 'copyOverwrite' => false,