From 3cc223dec5260e533a84b5cf5780d3a4fbf21241 Mon Sep 17 00:00:00 2001
From: azett
Date: Sun, 25 Dec 2022 14:42:08 +0100
Subject: [PATCH] fixes #178, possible XSS via uploaded XML & MD files

---
 admin/panels/uploader/admin.uploader.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/admin/panels/uploader/admin.uploader.php b/admin/panels/uploader/admin.uploader.php
index 8febfb6..3134e2a 100755
--- a/admin/panels/uploader/admin.uploader.php
+++ b/admin/panels/uploader/admin.uploader.php
@@ -96,7 +96,9 @@ class admin_uploader_default extends AdminPanelAction {
 'htm',
 'html',
 'wml',
- 'svg'
+ 'svg',
+ 'xml',
+ 'md'
 );

 $imgs = array(
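Review bot: Appending `'xml'` and `'md'` to the extension denylist fixes the two reported types, but every other extension a browser may render as active content still has to be remembered individually. The array starts above this hunk, so please confirm that related types such as `xhtml`, `xht`, `xsl` and `shtml` are already listed. The code that compares an uploaded name against this list is also outside the hunk; if it does not lower-case the extension first, mixed-case variants of the blocked entries would not match. A more durable approach would be an allowlist of accepted extensions, or serving the upload directory with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff`. At minimum, the new entries deserve a comment such as `// xml, md: can carry script that runs when the uploaded file is viewed (#178)`.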