Description: Fix for arbitrary code execution
 Collabtive allows users to upload files with any name to a directory
 under the webserver's documentroot. Most webservers running
 Collabtive will be happy to run any file with a ".php" extension as
 PHP code - I suggest the following patch, which renames the file to
 ._php
Author: Gunnar Wolf <gwolf@debian.org>
Forwarded: http://collabtive.o-dyn.de/forum/viewtopic.php?f=11&t=4399
Last-Update: 2010-09-21
Index: collabtive-0.7.5/include/class.datei.php
===================================================================
--- collabtive-0.7.5.orig/include/class.datei.php	2012-01-20 14:04:54.000000000 -0600
+++ collabtive-0.7.5/include/class.datei.php	2012-01-20 14:05:01.000000000 -0600
@@ -295,6 +295,13 @@
             $subname = substr($subname, 0, 200);
         }
 
+	// don't allow file extensions that can often be executed by
+	// the server - PHP is often associated with *.php, *.php3,
+	// *.phtml, *.phps
+	if (preg_match($erweiterung, "/^(php|phtml)/")) {
+	  $erweiterung = '_' . $erweiterung;
+	}
+
         $name = $subname . "_" . $randval . "." . $erweiterung;
         $datei_final = $root . "/" . $ziel . "/" . $name;
         $datei_final2 = $ziel . "/" . $name;
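Review bot: The arguments to preg_match on the added check are reversed — the extension is passed as the pattern and the literal `/^(php|phtml)/` as the subject — so for an extension such as `php` PCRE sees a delimiter-less pattern, emits a warning and returns false, and the rename to `._php` never happens; the guard as written does not close the code-execution hole the patch is meant to fix. The call should read `if (preg_match('/^(php|phtml)/i', $erweiterung)) {`. The `i` modifier matters because webservers are commonly configured to match handler extensions case-insensitively, so `.PHP` or `.Php` would otherwise slip through; the prefix match already covers `php3`, `php5` and `phps` as the comment intends. This is still a blocklist — an allowlist of expected extensions, or storing uploads outside the document root, would be the more robust fix, but that is beyond this hunk. The enclosing method begins before the hunk, so how `$erweiterung` is derived from the uploaded name (and whether it is the last extension) cannot be confirmed here.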
