diff --git a/e107_admin/image.php b/e107_admin/image.php
index b4e4c8fa00..bf6d072b8c 100644
--- a/e107_admin/image.php
+++ b/e107_admin/image.php
@@ -2486,7 +2486,11 @@ function processUploadUrl($import = false, $cat='_common')
$fileName = empty($uploadCaption) ? str_replace(array('.php', '.html', '.asp', '.htm'),'',$fileName). '_' .time() : eHelper::dasherize(strtolower($uploadCaption));
}
- if(!$fl->getRemoteFile($tp->filter($_POST['upload_url'], 'url'), $fileName, 'import'))
+ if(!$fl->isAllowedType($_POST['upload_url']))
+ {
+ $mes->addError(defset('IMALAN_190', "Importing of this file-type is not allowed."));
+ }
+ elseif(!$fl->getRemoteFile($tp->filter($_POST['upload_url'], 'url'), $fileName, 'import'))
{
$mes->addError(IMALAN_176);
}
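Review bot: The new allow-list check in processUploadUrl() runs on the raw `$_POST['upload_url']`, while the fetch on the `elseif` line uses `$tp->filter($_POST['upload_url'], 'url')`, so the string that is validated is not necessarily the string that is downloaded. Filter once, e.g. `$url = $tp->filter($_POST['upload_url'], 'url');`, and pass `$url` to both `isAllowedType()` and `getRemoteFile()`. Judging by the test cases in this commit, the check appears to look only at the URL text, so it does not restrict which host the server connects to or what a redirect finally returns. The file is also stored under the separately built `$fileName`, so unless getRemoteFile() re-validates the saved name and content (not visible here), the stored file should be checked again after download. The function body starts and ends outside this hunk.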
diff --git a/e107_handlers/comment_class.php b/e107_handlers/comment_class.php
index 26fdcea000..9319b101d9 100644
--- a/e107_handlers/comment_class.php
+++ b/e107_handlers/comment_class.php
@@ -271,7 +271,7 @@ function form_comment($action, $table, $id, $subject, $content_type, $return = F
$text = "\n
\n".e107::getMessage()->render('postcomment', true, false);//temporary here
// $text .= "Indent = ".$indent;
- $text .= "
@@ -58,4 +58,4 @@
";
$text = $tp->toHTML($text, true);
-$ns->tablerender("Menu Manager Help", $text);
\ No newline at end of file
+e107::getRender()->tablerender("Menu Manager Help", $text);
\ No newline at end of file
diff --git a/e107_languages/English/admin/lan_image.php b/e107_languages/English/admin/lan_image.php
index f14ad1a0d5..6eded27a30 100644
--- a/e107_languages/English/admin/lan_image.php
+++ b/e107_languages/English/admin/lan_image.php
@@ -214,4 +214,5 @@
define("IMALAN_187", "Convert to webp during import");
define("IMALAN_188", "Convert to webp during render");
-define("IMALAN_189", "JPEG, PNG and GIF files will be automatically converted to webp format. (icons excluded)");
\ No newline at end of file
+define("IMALAN_189", "JPEG, PNG and GIF files will be automatically converted to webp format. (icons excluded)");
+define("IMALAN_190", "Importing of this file-type is not allowed.");
\ No newline at end of file
diff --git a/e107_tests/tests/unit/e_fileTest.php b/e107_tests/tests/unit/e_fileTest.php
index e7570ee86a..89aeddbca8 100644
--- a/e107_tests/tests/unit/e_fileTest.php
+++ b/e107_tests/tests/unit/e_fileTest.php
@@ -152,8 +152,14 @@ public function testIsAllowedType()
$isAllowedTest = array(
array('path'=> 'somefile.bla', 'expected' => false), // suspicious
- array('path'=> e_SYSTEM."filetypes.xml", 'expected' => true), // okay
- array('path'=> e_PLUGIN."gallery/images/butterfly.jpg", 'expected' => true), // okay
+ array('path'=> 'somefile.php', 'expected' => false), // suspicious
+ array('path'=> 'somefile.exe', 'expected' => false), // suspicious
+ array('path'=> e_SYSTEM."filetypes.xml", 'expected' => true), // permitted
+ array('path'=> e_PLUGIN."gallery/images/butterfly.jpg", 'expected' => true), // permitted
+ array('path'=> 'http://127.0.0.1:8070/file.svg', 'expected'=>false), // not permitted
+ array('path'=> 'http://127.0.0.1:8070/butterfly.jpg', 'expected'=>true), // permitted
+ array('path'=> 'http://127.0.0.1/bla.php', 'expected'=>false), // suspicious
+ array('path'=> 'http://127.0.0.1/bla.php?butterfly.jpg', 'expected'=>false), // suspicious
);
foreach($isAllowedTest as $file)