Hello,
Under Linux/UNIX file extensions (suffix) do not necessarily have any specific meaning. It is perfectly acceptable for a file to have no extension. The current file extension check requires filenames to have an extension on them, and this should not be the case. Files with no extension should just be accepted. Any file without an extension still has to pass the MIME type check before it is accepted.
Secondly, the current extension check makes us of the PHP 'empty' function. This, however, would see a file extension of '0' (a zero) as being false, and hence a file of 'abc.0' would be rejected. A better test is to check the extension length. A patch for this is below:
--- library/Xerte/Validate/FileExtension.php.orig 2015-07-29 23:17:23.000000000 +0100
+++ library/Xerte/Validate/FileExtension.php 2015-08-20 10:53:41.182463794 +0100
@@ -41,10 +41,8 @@
_debug($blacklist);
_debug($extension);
- if (empty($extension)) {
- _debug("File extension not found for '$filename'.");
- $this->messages['NO_EXTENSION'] = "File extension not found.";
- return false;
+ if (!strlen($extension)) {
+ return true;
}
if (in_array($extension, $blacklist)) {
