Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-02-11 18:32:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '4.0' of git@github.com:Dolibarr/dolibarr.git into develop

Browse Source 
Conflicts:
	ChangeLog
	dev/skeletons/skeleton_list.php
	htdocs/accountancy/class/html.formventilation.class.php
	htdocs/core/lib/cron.lib.php
	htdocs/core/tpl/admin_extrafields_add.tpl.php
This commit is contained in:
Laurent Destailleur
2016-10-01 18:42:50 +02:00
parent fcb00dbaf2 6f26a7390e
commit ee252f549a
38 changed files with 344 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/files.lib.php
View File

@@ -617,7 +617,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable
// Security:
// Disallow file with some extensions. We renamed them.
// Car si on a mis le rep documents dans un rep de la racine web (pas bien), cela permet d'executer du code a la demande.
if (preg_match('/\.htm|\.html|\.php|\.pl|\.cgi$/i',$dest_file))
if (preg_match('/\.htm|\.html|\.php|\.pl|\.cgi$/i',$dest_file) && empty($conf->global->MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED))
{
$file_name.= '.noexe';
}