--- main/inc/lib/fckeditor/editor/plugins/ImageManager/Classes/ImageManager.php.orig	2007-02-17 00:10:10.000000000 +0100
+++ main/inc/lib/fckeditor/editor/plugins/ImageManager/Classes/ImageManager.php	2008-12-15 23:52:47.000000000 +0100
@@ -6,6 +6,9 @@
  * @package ImageManager
  */
 
+require_once '../../../../../global.inc.php';
+require_once '../../../../fileUpload.lib.php';
+
 require_once('Files.php');
 
 /**
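Review bot: The two added `require_once` lines use paths that start with `../`, which PHP resolves against the include_path and the working directory of the entry script rather than against this file's own directory, so the class loads only when the request happens to be served from the directory the author assumed. Anchoring them on the file's location removes that dependency: `require_once dirname(__FILE__).'/../../../../../global.inc.php';` and `require_once dirname(__FILE__).'/../../../../fileUpload.lib.php';`. The existing `require_once('Files.php')` below has the same fragility, but that line predates this change.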
@@ -400,8 +403,6 @@
 		
 		$path = "/images/".substr($relative,1);
 
-		include(api_get_path(LIBRARY_PATH)."fileUpload.lib.php");
-		
 		$doc_id = add_document($_course, $path.$image_name, 'file', $image_size, $image_name);
 		
 		api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentCreated', $_user['user_id']);
@@ -447,28 +448,56 @@
 	{
 		if($file['error']!=0)
 		{
-			Return false;
+			return false;
 		}
 
 		if(!is_file($file['tmp_name']))
 		{
-			Return false;
+			return false;
 		}
 
 		if(!is_uploaded_file($file['tmp_name']))
 		{
 			Files::delFile($file['tmp_name']);
-			Return false;
+			return false;
 		}
 		
+		$file_name = $file['name'];
+		$extension = explode('.', $file_name);
+		$count = count($extension);
+		if ($count == 1)
+		{
+			$extension = '';
+		}
+		else
+		{
+			$extension = strtolower($extension[$count - 1]);
+		}
 
+		// Checking for image by file extension first, using the configuration file.
+		if (!in_array($extension, $this->config['accepted_extensions']))
+		{
+			Files::delFile($file['tmp_name']);
+			return false;
+		}
+
+		// Second, filtering using a special function of the system.
+		$result = filter_extension($file_name);
+		//if ($result == 0 || $file_name != $file['name'])
+		if (($result == 0) || ($file_name != $file['name']))
+		{
+			Files::delFile($file['tmp_name']);
+			return false;
+		}
+
+		// Checking for a valid image by reading binary file (partially in most cases).
 		if($this->config['validate_images'] == true)
 		{
 			$imgInfo = @getImageSize($file['tmp_name']);
 			if(!is_array($imgInfo))
 			{
 				Files::delFile($file['tmp_name']);
-				Return false;
+				return false;
 			}
 		}
 
@@ -497,7 +526,7 @@
 		
 		//delete tmp files.
 		Files::delFile($file['tmp_name']);
-		Return false;
+		return false;
 	}
 
 	/**
@@ -734,4 +763,4 @@
 	}
 }
 
-?>
\ No newline at end of file
+?>
--- main/inc/lib/fckeditor/editor/plugins/ImageManager/config.inc.php	2009-01-05 09:13:24.000000000 +0100
+++ main/inc/lib/fckeditor/editor/plugins/ImageManager/config.inc.php	2009-01-05 09:09:35.000000000 +0100
@@ -204,10 +204,6 @@
 $IMConfig['maxWidth'][1] = 100;
 $IMConfig['maxHeight'][1] = 180;
 
-/*
-Uploaded files will be accepted as images if they have file extensions from the list below.
-*/
- $IMConfig['accepted_extensions'] = array('gif', 'jpg', 'png', 'bmp', 'jpeg');
 
 /*
  Possible values: true, false
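Review bot: The file headers for config.inc.php put the `+++` side at an earlier timestamp (09:09:35) than the `---` side (09:13:24), which suggests this hunk may have been generated in the reverse direction; if the intent was to add `$IMConfig['accepted_extensions']` rather than remove it, the patch should be regenerated before merge. As written, the removal takes away the only definition on this page of the whitelist that the new ImageManager.php code consults, together with the comment explaining it.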
@@ -238,4 +234,4 @@
   Image Editor temporary filename prefix.
 */
 $IMConfig['tmp_prefix'] = '.editor_';
-?>
+?>
\ No newline at end of file


