From edd19419ad73dc5e82407c3da6df83c8633bfe2c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 6 Aug 2020 17:39:36 +0200 Subject: [PATCH] Add protection to allow only jpg and png as image file --- htdocs/admin/company.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php index 6330909f2c0..88f6034a3b6 100644 --- a/htdocs/admin/company.php +++ b/htdocs/admin/company.php @@ -111,7 +111,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha')) foreach ($arrayofimages as $varforimage) { - if (! preg_match('/(\.jpeg|\.jpg|\.png)$/i', $_FILES[$varforimage]["tmp_name"])) { // Logo can be used on a lot of different places. Only jpg and png can be supported. + if ($_FILES[$varforimage]["name"] && ! preg_match('/(\.jpeg|\.jpg|\.png)$/i', $_FILES[$varforimage]["name"])) { // Logo can be used on a lot of different places. Only jpg and png can be supported. $langs->load("errors"); setEventMessages($langs->trans("ErrorBadImageFormat"), null, 'errors'); break;