From e1fe7435e485282f01c8681f37ea322c57665dcb Mon Sep 17 00:00:00 2001 From: fusionate Date: Wed, 4 Oct 2023 00:04:19 +0000 Subject: [PATCH] Fax Server - New: Honor Fax > allowed_extension defined in Default/Domain Settings on Preview and Send. --- app/fax/fax_send.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/fax/fax_send.php b/app/fax/fax_send.php index c7e85de02c..001e72fc1d 100644 --- a/app/fax/fax_send.php +++ b/app/fax/fax_send.php @@ -295,6 +295,9 @@ if (!function_exists('fax_split_dtmf')) { break; } + //load authorized file extensions + $allowed_file_extensions = $setting->get('fax','allowed_extension'); + //process uploaded or emailed files (if any) $fax_page_count = 0; $_files = (!$included) ? $_FILES['fax_files'] : $emailed_files; @@ -309,6 +312,7 @@ if (!function_exists('fax_split_dtmf')) { //block unauthorized files $disallowed_file_extensions = explode(',','sh,ssh,so,dll,exe,bat,vbs,zip,rar,z,tar,tbz,tgz,gz'); if (in_array($fax_file_extension, $disallowed_file_extensions) || $fax_file_extension == '') { continue; } + if (!in_array('.'.$fax_file_extension, $allowed_file_extensions)) { continue; } //use a safe file name $fax_name = md5($_files['name'][$index]);