check upload for double extensions is not working

Hi again Yoghita,

I have just send you an email with a modified file to detect all files with multiple extensions (not only php files), so this should solve your issue. I will also add this change to future versions of Securitycheck Pro.

Regards,
Jose

Dear Jose,
Thank you very much for the support. We have applied the change sent to us. Looks to work now. We sent it to testing team.
with regard to csrf protection, the government security audit team warned this and recommended to prevent.
Kindly guide us on this topic.

Once again we thank you for the support being extended.

Thank you very much for the support. We have applied the change sent to us. Looks to work now. We sent it to testing team.

You're welcome Yogitha!

with regard to csrf protection, the government security audit team warned this and recommended to prevent.
Kindly guide us on this topic.

Csrf protection must be implemented for each extension; for instance, Securitycheck Pro adds protection agains this technique. So I fear this is a field where I can't help you so much. Anyway Joomla is secure enough and Securitycheck Pro also adds user session protection.

Regards,
Jose

Dear Jose,
Thank you for your support.Double extension is working only some of the combinations viz., doc.pdf, rar.zip etc... with the modified set up file. While uploading exe. pdf,exe.exe etc....., it is not working. please do the needful to avoid all type of double extensions uploading combination.
Regards,
Yogitha Sindhu

Did you update to 3.1.9 version? If so you have to upload again the file I sent you, as i had to revert the changes I did for you because they were too restrictive. I need to rethink this.

Regards,
Jose