check upload for double extensions is not working

Hi

In file upload scanner, check for double extensions is not working.

Hi yogitha,

Can you give me more details to reproduce your issue?

Regards,
Jose

Hi Jose,
Sorry.I missed your reply.
You can reproduce by:
login to joomla website.
in any form with file upload, try to upload a file with multiple extensions ex: abc.pdf.docx OR abc.pdf.exe
the upload scanner set yes to Check multiple extensions unable to stop file upload.
we are facing this issue. pl help us.

Hi yogitha,

Which component do you use? Maybe doesn't have a good file validation. Joomla allows to upload only authorized extensions through its file manager in backend...

Regards,
Jose

Hi Jose,
Yes. Inadvertently I opened another tag. pl ignore other one.
as seen your reply to other post, security checkpro avoids only double extensions with php files ex. abc.doc.php or abc.php.php.
but our problem is allowed extensions are: doc, xls, pdf etc.
Now joomla is checking only last extension ex: abc.doc.xls is allowed as last extension is xls which is permitted.
it is not checking for double extensions. we need to restrict it to address security audit. pl help us.

Ok, I understand your problem.

But I need more info:

- Everybody (guests users) is able to upload files?

- Do you have any extension to upload files from frontend or do you use custom fields?

I want to configure a test environment like yours.

Regards,
Jose