Security: PHP files can not be uploaded any more - see https://www.exploit-db.com/exploits/39870

admin/panels/uploader/admin.uploader.php

@@ -13,14 +13,20 @@
  *        
  */
 class admin_uploader extends AdminPanel {
-		var $panelname = 'uploader';
-		var $actions = array('default'=>true);
-	}
 
+	var $panelname = 'uploader';
+
+	var $actions = array(
+		'default' => true
+	);
+	
+}
 
 class admin_uploader_default extends AdminPanelAction {
 
-		var $events = array('upload');
+	var $events = array(
+		'upload'
+	);
 
 	function main() {
 		if ($f = sess_remove('admin_uploader_files'))
@@ -28,7 +34,6 @@
 	}
 
 	function onupload() {
-
 		$success = false;
 		
 		if (!file_exists(IMAGES_DIR))
@@ -37,8 +42,20 @@
 		if (!file_exists(ATTACHS_DIR))
 			fs_mkdir(ATTACHS_DIR);
 		
-				
-			$imgs = array('.jpg','.gif','.png', '.jpeg'); 
+		$imgs = array(
+			'.jpg',
+			'.gif',
+			'.png',
+			'.jpeg'
+		);
+		$forbidden = array(
+			'.php',
+			'.php3',
+			'.php4',
+			'.php5',
+			'.php7',
+			'.phtml'
+		);
 		
 		// intentionally
 		// I've not put BMPs
@@ -55,6 +72,10 @@
 				
 				$ext = strtolower(strrchr($name, '.'));
 				
+				if (in_array($ext, $forbidden)) {
+					$success = false;
+					continue;
+				}
 				if (in_array($ext, $imgs)) {
 					$dir = IMAGES_DIR;
 				}
@@ -70,10 +91,7 @@
 				
 				// one failure will make $success == false :)
 				$success &= $success;
-					
-			
 			}
-				
 		}
 		
 		if ($uploaded_files) {
@@ -82,8 +100,8 @@
 		}
 		
 		return 1;
-			
 	}
+	
 }
 
 ?>