From d47aea0abaa3960b25800d1c8e788242ccf62bd6 Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Thu, 12 Oct 2017 16:00:34 +0900
Subject: [PATCH] Disallow directly downloadable swf uploads in layout module
---
 modules/layout/layout.admin.controller.php | 2 +-
 modules/layout/layout.model.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/layout/layout.admin.controller.php b/modules/layout/layout.admin.controller.php
index f55103d3e..363936fdd 100644
--- a/modules/layout/layout.admin.controller.php
+++ b/modules/layout/layout.admin.controller.php
@@ -929,7 +929,7 @@ class layoutAdminController extends layout
 return;
 }
- if(!preg_match('/\.(jpg|jpeg|gif|png|swf)$/i', $img['name']))
+ if(!preg_match('/\.(jpg|jpeg|gif|png)$/i', $img['name']))
 {
 Context::set('msg', lang('msg_layout_image_target'));
 return;
diff --git a/modules/layout/layout.model.php b/modules/layout/layout.model.php
index 2b67ce1a0..b8f298224 100644
--- a/modules/layout/layout.model.php
+++ b/modules/layout/layout.model.php
@@ -1019,7 +1019,7 @@ class layoutModel extends layout
 );
 $image_path = $this->getUserLayoutImagePath($layout_srl);
- $image_list = FileHandler::readDir($image_path,'/(.*(?:swf|jpg|jpeg|gif|bmp|png)$)/i');
+ $image_list = FileHandler::readDir($image_path,'/\.(?:jpg|jpeg|gif|bmp|png)$/i');
 foreach($image_list as $image)
 {
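Review bot: The upload check in layout.admin.controller.php still decides on the client-supplied `$img['name']` alone, so after dropping `swf` it constrains only the final suffix and never looks at the file's content. Assuming `$img` is the raw upload array, the condition could also require a successful image probe, e.g. `if(!preg_match('/\.(jpg|jpeg|gif|png)$/i', $img['name']) || getimagesize($img['tmp_name']) === false)`. The allow-list here also omits `bmp`, which the listing pattern in layout.model.php still accepts; a one-line comment stating which list is authoritative would prevent the two from drifting. The enclosing method starts and ends outside the hunk, so what happens to the file after this check is not visible.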
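Review bot: The new filter passed to `FileHandler::readDir` in layout.model.php has no capture group, whereas the old one wrapped the whole name in `(...)`; readDir is not shown here, so confirm it does not rewrite each entry using group 1 of the filter, otherwise the returned names would change. If it does, keeping the group while anchoring the dot, `'/^(.*\.(?:jpg|jpeg|gif|bmp|png))$/i'`, preserves the old return shape. Separately, the change only hides `.swf` files from this listing: files uploaded before the commit stay in the path returned by `getUserLayoutImagePath()` and no longer appear here, so a one-off cleanup or an upgrade note seems warranted. The surrounding method starts and ends outside the hunk.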