diff options
Diffstat (limited to 'core/helpers/photo.php')
| -rw-r--r-- | core/helpers/photo.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/core/helpers/photo.php b/core/helpers/photo.php index 0015bd99..8b0e1eab 100644 --- a/core/helpers/photo.php +++ b/core/helpers/photo.php @@ -47,6 +47,12 @@ class photo_Core { throw new Exception("@todo NAME_CANNOT_CONTAIN_SLASH"); } + // We don't allow trailing periods as a security measure + // ref: http://dev.kohanaphp.com/issues/684 + if (rtrim($name, ".") != $name) { + throw new Exception("@todo NAME_CANNOT_END_IN_PERIOD"); + } + $image_info = getimagesize($filename); // Force an extension onto the name |