- Affected version
XF\Http\Upload::analyzeImagecompares the uploaded file's extension against the map returned by
getImageExtensionMapbut then on the comparing the file's actual image type via
getimagesize; a hard-coded list is used.
array_flipwill generate a map of
IMAGETYPE_*constants which can be trivially checked instead of a hard-coded switch statement.