Fixed security issues in file uploads.

[fa-stable.git] / admin / company_preferences.php

diff --git a/admin/company_preferences.php b/admin/company_preferences.php
index 8762378dcd6573eaf0b16ecfbd084cb0061c9ffe..9859cc8cfcb12a3ab839a48aa0acfbd9d3a70104 100644 (file)
--- a/admin/company_preferences.php
+++ b/admin/company_preferences.php
@@ -49,7 +49,7 @@ if (isset($_POST['update']) && $_POST['update'] != "")
                $filename .= "/".clean_file_name($_FILES['pic']['name']);
 
                 //But check for the worst
-               if (!in_array( substr($filename,-3), array('jpg','JPG','png','PNG')))
+               if (!in_array( substr($filename,-4), array('.jpg','.JPG','.png','.PNG')))
                {
                        display_error(_('Only jpg and png files are supported - a file extension of .jpg or .png is expected'));
                        $input_error = 1;