Description: Fix for arbitrary code execution
 Collabtive allows users to upload files with any name to a directory
 under the webserver's documentroot. Most webservers running
 Collabtive will be happy to run any file with a ".php" extension as
 PHP code - I suggest the following patch, which renames the file to
 ._php
Author: Gunnar Wolf <gwolf@debian.org>
Forwarded: http://collabtive.o-dyn.de/forum/viewtopic.php?f=11&t=4399
Last-Update: 2012-05-30
Index: collabtive/include/class.datei.php
===================================================================
--- collabtive.orig/include/class.datei.php	2012-05-30 11:49:48.000000000 -0500
+++ collabtive/include/class.datei.php	2012-05-30 15:56:13.000000000 -0500
@@ -282,6 +282,13 @@
             $subname = substr($subname, 0, 200);
         }
 
+	// don't allow file extensions that can often be executed by
+	// the server - PHP is often associated with *.php, *.php3,
+	// *.phtml, *.phps
+	if (preg_match($erweiterung, "/^(php|phtml)/")) {
+	  $erweiterung = '_' . $erweiterung;
+	}
+
         $name = $subname . "_" . $randval . "." . $erweiterung;
         $datei_final = $root . "/" . $ziel . "/" . $name;
         $datei_final2 = $ziel . "/" . $name;
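Review bot: The guard on the added `if` never fires because preg_match's arguments are reversed — the extension `$erweiterung` is passed as the pattern and the literal `"/^(php|phtml)/"` as the subject, so the extension is never rewritten and the uploaded file stays executable (and for an extension such as `php` PCRE emits a "delimiter must not be alphanumeric" warning instead of matching). The line should read `if (preg_match('/^(php|phtml)/i', $erweiterung)) {`, with the `i` modifier because handler mappings such as Apache's AddHandler are commonly case-insensitive and an uppercase `.PHP` would otherwise slip through. The added lines are indented with tabs while the surrounding code uses spaces. Where `$erweiterung` is derived is outside the hunk, so whether it is always the final extension of the original filename cannot be confirmed here.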
