From 8afd665c8f48c113c19e0c6f3f25f4fb40f25c82 Mon Sep 17 00:00:00 2001
From: aFolletete <alain.folletete@prestashop.com>
Date: Mon, 6 Aug 2012 13:14:00 +0000
Subject: [PATCH] // Add image verification

---
 classes/ImageManager.php | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/classes/ImageManager.php b/classes/ImageManager.php
index bf68be0c7..52d5bd20e 100644
--- a/classes/ImageManager.php
+++ b/classes/ImageManager.php
@@ -225,6 +225,30 @@ class ImageManagerCore
 		return false;
 	}
 
+	/**
+	 * Check if image file extension is correct
+	 *
+	 * @static
+	 * @param $filename real filename
+	 * @return bool true if it's correct
+	 */
+	public static function isCorrectImageFileExt($filename)
+	{
+		// Filter on file extension
+		$authorized_extensions = array('gif', 'jpg', 'jpeg', 'jpe', 'png');
+		$name_explode = explode('.', $filename);
+		if (count($name_explode))
+		{
+			$current_extension = strtolower($name_explode[count($name_explode) - 1]);
+			if (!in_array($current_extension, $authorized_extensions))
+				return false;
+		}
+		else
+			return false;
+
+		return true;
+	}
+
 	/**
 	 * Validate image upload (check image type and weight)
 	 *
@@ -240,7 +264,7 @@ class ImageManagerCore
 				$file['size'] / 1000,
 				$max_file_size / 1000
 			);
-		if (!ImageManager::isRealImage($file['tmp_name'], $file['type']))
+		if (!ImageManager::isRealImage($file['tmp_name'], $file['type']) || !ImageManager::isCorrectImageFileExt($file['name']))
 			return Tools::displayError('Image format not recognized, allowed formats are: .gif, .jpg, .png');
 		if ($file['error'])
 			return sprintf(Tools::displayError('Error while uploading image; please change your server\'s settings. (Error code: %s)'), $file['error']);