Merge branch '5.0' of git@github.com:Dolibarr/dolibarr.git into develop

Conflicts: htdocs/comm/propal/list.php htdocs/core/lib/files.lib.php htdocs/don/card.php
2025-12-06 09:38:23 +01:00 · 2017-06-18 22:16:34 +02:00
parent 819656bd89 317ab64d7c
commit 996ec4926b
6 changed files with 84 additions and 120 deletions
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -910,8 +910,8 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable
    	}

    	// Security:
-    	// Disallow file with some extensions. We renamed them.
-    	// Car si on a mis le rep documents dans un rep de la racine web (pas bien), cela permet d'executer du code a la demande.
+    	// Disallow file with some extensions. We rename them.
+    	// Because if we put the documents directory into a directory inside web root (very bad), this allows to execute on demand arbitrary code.
    	if (preg_match('/\.htm|\.html|\.php|\.pl|\.cgi$/i',$dest_file) && empty($conf->global->MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED))
    	{
    	    $file_name.= '.noexe';