[SS-2018-014] Remove dotm, potm, jar, css, js, xltm from default File…

….allowed_extensions

src/File.php

@@ -161,11 +161,11 @@ class File extends DataObject implements AssetContainer, Thumbnail, CMSPreviewab
      * Instructions for the change you need to make are included in a comment in the config file.
      */
     private static $allowed_extensions = array(
-        '', 'ace', 'arc', 'arj', 'asf', 'au', 'avi', 'bmp', 'bz2', 'cab', 'cda', 'css', 'csv', 'dmg', 'doc',
-        'docx', 'dotx', 'dotm', 'flv', 'gif', 'gpx', 'gz', 'hqx', 'ico', 'jar', 'jpeg', 'jpg', 'js', 'kml',
+        '', 'ace', 'arc', 'arj', 'asf', 'au', 'avi', 'bmp', 'bz2', 'cab', 'cda', 'csv', 'dmg', 'doc',
+        'docx', 'dotx', 'flv', 'gif', 'gpx', 'gz', 'hqx', 'ico', 'jpeg', 'jpg', 'kml',
         'm4a', 'm4v', 'mid', 'midi', 'mkv', 'mov', 'mp3', 'mp4', 'mpa', 'mpeg', 'mpg', 'ogg', 'ogv', 'pages',
-        'pcx', 'pdf', 'png', 'pps', 'ppt', 'pptx', 'potx', 'potm', 'ra', 'ram', 'rm', 'rtf', 'sit', 'sitx',
-        'tar', 'tgz', 'tif', 'tiff', 'txt', 'wav', 'webm', 'wma', 'wmv', 'xls', 'xlsx', 'xltx', 'xltm', 'zip',
+        'pcx', 'pdf', 'png', 'pps', 'ppt', 'pptx', 'potx', 'ra', 'ram', 'rm', 'rtf', 'sit', 'sitx',
+        'tar', 'tgz', 'tif', 'tiff', 'txt', 'wav', 'webm', 'wma', 'wmv', 'xls', 'xlsx', 'xltx', 'zip',
         'zipx',
     );
 

templates/SilverStripe/Assets/Flysystem/PublicAssetAdapter_HTAccess.ss

@@ -25,7 +25,7 @@ AddHandler default-handler php phtml php3 php4 php5 inc
     RewriteRule error[^\\\\/]*\\.html$ - [L]
 
     # Block invalid file extensions
-    RewriteCond %{REQUEST_URI} !^[^.]*\\.(?i:<% loop $AllowedExtensions %>$Extension<% if not $Last %>|<% end_if %><% end_loop %>)$
+    RewriteCond %{REQUEST_URI} !^[^.]*\\.(?i:css|js<% loop $AllowedExtensions %>|$Extension<% end_loop %>)$
     RewriteRule .* - [F]
 
     # Non existant files passed to requesthandler