From d1344706c4b74c2ae7659b286b5a066117155124 Mon Sep 17 00:00:00 2001
From: Fotis Evangelou <fevangelou@users.noreply.github.com>
Date: Tue, 3 Dec 2019 21:14:08 +0200
Subject: [PATCH] Update class.upload.php

---
 .../assets/vendors/verot/class.upload.php/src/class.upload.php  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/media/k2/assets/vendors/verot/class.upload.php/src/class.upload.php b/media/k2/assets/vendors/verot/class.upload.php/src/class.upload.php
index 5e992d99..683d67d8 100755
--- a/media/k2/assets/vendors/verot/class.upload.php/src/class.upload.php
+++ b/media/k2/assets/vendors/verot/class.upload.php/src/class.upload.php
@@ -2992,7 +2992,7 @@ function process($server_path = null) {
                 }
                 // if the file is text based, or has a dangerous extension, we rename it as .txt
                 if ((((substr($this->file_src_mime, 0, 5) == 'text/' && $this->file_src_mime != 'text/rtf') || strpos($this->file_src_mime, 'javascript') !== false)  && (substr($file_src_name, -4) != '.txt'))
-                    || preg_match('/\.(php|php5|php4|php3|phtml|pl|py|cgi|asp|js)$/i', $this->file_src_name)
+                    || preg_match('/\.(asp|cgi|js|ph3|ph4|ph5|ph7|phar|php|php3|php4|php5|php7|phps|phtml|pl|py)$/i', $this->file_src_name)
                     || $this->file_force_extension && empty($file_src_name_ext)) {
                     $this->file_src_mime = 'text/plain';
                     if ($this->file_src_name_ext) $file_src_name_body = $file_src_name_body . '.' . $this->file_src_name_ext;