From 9e2ea2ffedb22f83137db4e5ba4c06b91f11e09d Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 17 May 2012 20:25:27 -0700
Subject: Smash multiple extensions down into a single one when accepting file
 uploads.  Fixes #1872.

---
 modules/gallery/models/item.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'modules/gallery/models')

diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index 992af0cc..903dadad 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -797,11 +797,19 @@ class Item_Model_Core extends ORM_MPTT {
     if (strpos($this->name, "/") !== false) {
       $v->add_error("name", "no_slashes");
       return;
-    } else if (rtrim($this->name, ".") !== $this->name) {
+    }
+
+    if (rtrim($this->name, ".") !== $this->name) {
       $v->add_error("name", "no_trailing_period");
       return;
     }
 
+    // Do not accept files with double extensions, they can cause problems on some
+    // versions of Apache.
+    if (substr_count($this->name, ".") > 1) {
+      $v->add_error("name", "illegal_data_file_extension");
+    }
+
     if ($this->is_movie() || $this->is_photo()) {
       $ext = pathinfo($this->name, PATHINFO_EXTENSION);
 
-- 
cgit v1.2.3