Merge pull request #71 from silverstripe-security/pulls/3.6/ss-2018-014

[SS-2018-014] Remove dotm, potm, jar, css, js, xltm from default File.allowed_extensions
silverstripe · May 10, 2018 · 0408048 · 0408048
2 parents 8b750b3 + 19fdebf
commit 0408048
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/filesystem/File.php b/filesystem/File.php
@@ -126,11 +126,11 @@ class File extends DataObject {
 	 * Instructions for the change you need to make are included in a comment in the config file.
 	 */
 	private static $allowed_extensions = array(
-		'','ace','arc','arj','asf','au','avi','bmp','bz2','cab','cda','css','csv','dmg','doc','docx','dotx','dotm',
-		'flv','gif','gpx','gz','hqx','ico','jar','jpeg','jpg','js','kml', 'm4a','m4v',
+		'','ace','arc','arj','asf','au','avi','bmp','bz2','cab','cda','csv','dmg','doc','docx','dotx',
+		'flv','gif','gpx','gz','hqx','ico','jpeg','jpg','kml', 'm4a','m4v',
 		'mid','midi','mkv','mov','mp3','mp4','mpa','mpeg','mpg','ogg','ogv','pages','pcx','pdf','pkg',
-		'png','pps','ppt','pptx','potx','potm','ra','ram','rm','rtf','sit','sitx', 'tar','tgz','tif','tiff',
-		'txt','wav','webm','wma','wmv','xls','xlsx','xltx','xltm','zip','zipx',
+		'png','pps','ppt','pptx','potx','ra','ram','rm','rtf','sit','sitx', 'tar','tgz','tif','tiff',
+		'txt','wav','webm','wma','wmv','xls','xlsx','xltx','zip','zipx',
 	);
 
 	/**