diff --git a/connectors/php/filemanager.class.php b/connectors/php/filemanager.class.php index aeaa0a6f..75814bd2 100755 --- a/connectors/php/filemanager.class.php +++ b/connectors/php/filemanager.class.php @@ -336,6 +336,11 @@ public function rename() { if(!$this->isValidPath($old_file)) { $this->error("No way."); } + + // we check if the new given extension is allowed regarding the security Policy settings + if($this->config['security']['allowChangeExtensions'] && !$this->isAllowedFileType($new_file)) { + $this->error(sprintf($this->lang('INVALID_FILE_TYPE'))); + } $this->__log(__METHOD__ . ' - renaming '. $old_file. ' to ' . $new_file); @@ -983,12 +988,12 @@ private function isAllowedFileType($file) { if($this->config['security']['uploadPolicy'] == 'DISALLOW_ALL') { if(!in_array(strtolower($path_parts['extension']), $exts)) - $this->error(sprintf($this->lang('INVALID_FILE_TYPE')),true); + return false; } if($this->config['security']['uploadPolicy'] == 'ALLOW_ALL') { if(in_array(strtolower($path_parts['extension']), $exts)) - $this->error(sprintf($this->lang('INVALID_FILE_TYPE')),true); + return false; } return true; diff --git a/scripts/filemanager.js b/scripts/filemanager.js index f9845f78..99a0e864 100644 --- a/scripts/filemanager.js +++ b/scripts/filemanager.js @@ -621,14 +621,31 @@ var renameItem = function(data) { rname = m.children('#rname').val(); if(rname != ''){ + var givenName = rname; + if (! config.security.allowChangeExtensions) { givenName = nameFormat(rname); var suffix = getExtension(data['Filename']); if(suffix.length > 0) { givenName = givenName + '.' + suffix; } - } + } + + // Check if file extension is allowed + if (!isAuthorizedFile(givenName)) { + var str = '
' + lg.INVALID_FILE_TYPE + '
'; + if(config.security.uploadPolicy == 'DISALLOW_ALL') { + str += '' + lg.ALLOWED_FILE_TYPE + config.security.uploadRestrictions.join(', ') + '.
'; + } + if(config.security.uploadPolicy == 'ALLOW_ALL') { + str += '' + lg.DISALLOWED_FILE_TYPE + config.security.uploadRestrictions.join(', ') + '.
'; + } + $("#filepath").val(''); + $.prompt(str); + return false; + } + var oldPath = data['Path']; var connectString = fileConnector + '?mode=rename&old=' + data['Path'] + '&new=' + givenName; diff --git a/scripts/filemanager.min.js b/scripts/filemanager.min.js index 4abbdc93..1040a2e8 100644 --- a/scripts/filemanager.min.js +++ b/scripts/filemanager.min.js @@ -4,55 +4,56 @@ @author Simon Georget