From 62afc060a849f75f8a2ffae68bf1a81bc3226707 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Thu, 8 Dec 2022 10:25:57 +0100
Subject: Security fix in ext.php (#4928)

Details later. Due to https://github.com/FreshRSS/FreshRSS/pull/3433 (1.18.0)
---
 p/ext.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'p/ext.php')

diff --git a/p/ext.php b/p/ext.php
index b4d32f7ed..2979e2365 100644
--- a/p/ext.php
+++ b/p/ext.php
@@ -101,7 +101,8 @@ if (!isset($_GET['f']) ||
 $file_name = urldecode($_GET['f']);
 $file_type = $_GET['t'];
 
-if (empty(SUPPORTED_TYPES[$file_type])) {
+if (empty(SUPPORTED_TYPES[$file_type]) ||
+ empty(SUPPORTED_TYPES[pathinfo($file_name, PATHINFO_EXTENSION)])) {
 sendBadRequestResponse('File type is not supported.');
 }
 
-- 
cgit v1.2.3
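Review bot: The added condition checks that the extension of `$file_name` is a supported type but never ties it to `$file_type`, so a request that declares `t=css` for a `.js` or image file still passes both `empty()` tests. If the Content-Type sent later is looked up from `$file_type` (that code is outside the hunk), the client keeps control over the MIME type a file is served with. Adding `|| pathinfo($file_name, PATHINFO_EXTENSION) !== $file_type` would close this if callers always pass the extension as `t`; otherwise the type should be derived from the extension alone. Separately, the context line `urldecode($_GET['f'])` decodes a value PHP has already decoded, so `%25xx` sequences get a second decoding pass before this check and before any path check that follows; reading `$_GET['f']` directly avoids that. Because the commit message defers the details, a comment above the condition such as `// The requested file's own extension must be allow-listed, not only the declared type` would record why both tests exist.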