From 0dc9904d6218ea61357b39e8cc2831b9795112da Mon Sep 17 00:00:00 2001
From: Diego Najar
Date: Mon, 27 May 2019 19:24:11 +0200
Subject: [PATCH] Check file extension, bug fix #1011

---
 bl-kernel/ajax/logo-upload.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/bl-kernel/ajax/logo-upload.php b/bl-kernel/ajax/logo-upload.php
index 91b0bdcf..180fede2 100644
--- a/bl-kernel/ajax/logo-upload.php
+++ b/bl-kernel/ajax/logo-upload.php
@@ -6,7 +6,11 @@ if (!isset($_FILES['inputFile'])) {
 }
 
 // File extension
-$fileExtension = pathinfo($_FILES['inputFile']['name'], PATHINFO_EXTENSION);
+$fileExtension = Filesystem::extension($_FILES['inputFile']['name']);
+$fileExtension = Text::lowercase($fileExtension);
+if (!in_array($fileExtension, ALLOWED_IMG_EXTENSION) ) {
+ return false;
+}
 
 // Final filename
 $filename = 'logo.'.$fileExtension;
@@ -21,7 +25,7 @@ if ($oldFilename) {
 }
 
 // Move from temporary directory to uploads
-rename($_FILES['inputFile']['tmp_name'], PATH_UPLOADS.$filename);
+Filesystem::mv($_FILES['inputFile']['tmp_name'], PATH_UPLOADS.$filename);
 
 // Permissions
 chmod(PATH_UPLOADS.$filename, 0644);
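Review bot: The new allow-list check in the first hunk compares with loose `in_array`, and it only inspects the client-supplied filename, so the file's actual content is never verified before it is written under PATH_UPLOADS with an image extension. Use strict comparison, `if (!in_array($fileExtension, ALLOWED_IMG_EXTENSION, true)) {`, and consider validating the content as well (for example `getimagesize($_FILES['inputFile']['tmp_name']) !== false`) before the move in the second hunk. The added `return false;` also ends the request with no response body; presumably the earlier `if (!isset($_FILES['inputFile']))` branch (its body is outside the hunk) reports an error in some form, and this branch should mirror it so the caller can distinguish a rejected extension from a silent failure.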
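Review bot: The return value of `Filesystem::mv` is not checked, so a failed move still falls through to `chmod(PATH_UPLOADS.$filename, 0644)` on a file that does not exist, and the caller is not told the upload failed. For a `$_FILES` temp path the standard primitive is `move_uploaded_file()`, which additionally confirms the source really is an uploaded file; if `Filesystem::mv` simply wraps `rename()` (its implementation is not visible here) that guarantee is lost. Suggested replacement: `if (!move_uploaded_file($_FILES['inputFile']['tmp_name'], PATH_UPLOADS.$filename)) { return false; }`, keeping the `chmod` after a successful move only.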