Issue GHSA-92fr-7h4f-22pp

e107_admin/users.php

@@ -1684,7 +1684,7 @@ function AddPage()
 		}
 
 		// Make Admin.
-		if(getperms('4|U0')) // Quick Add User access should not be allowed to create new users with escalated perms. 
+		if(getperms('4|U0')) // Quick Add User access should not be allowed to create new users with escalated perms.
 		{
 			$text .= "
 			<tr>

e107_handlers/file_class.php

@@ -2233,6 +2233,10 @@ public function isAllowedType($file, $targetFile = '')
 				$tmp = parse_url($targetFile);
 				$targetFile = $tmp['path'];
 				$remote = true;
+				if(!empty($tmp['host']) && ($tmp['host'] === 'localhost' || $tmp['host'] === '127.0.0.1'))
+				{
+					return false;
+				}
 			}
 
 			$ext = pathinfo($targetFile, PATHINFO_EXTENSION);

e107_tests/tests/unit/e_fileTest.php

@@ -157,9 +157,14 @@ public function testIsAllowedType()
 			array('path'=> e_SYSTEM."filetypes.xml",                 'expected' => true), // permitted
 			array('path'=> e_PLUGIN."gallery/images/butterfly.jpg",  'expected' => true), // permitted
 			array('path'=> 'http://127.0.0.1:8070/file.svg',        'expected'=>false), // not permitted
-			array('path'=> 'http://127.0.0.1:8070/butterfly.jpg',   'expected'=>true), // permitted
+			array('path'=> 'http://127.0.0.1:8070/butterfly.jpg',   'expected'=>false), // not permitted
+			array('path'=> 'http://localhost:8070/file.svg',        'expected'=>false), // not permitted
+			array('path'=> 'http://localhost:8070/butterfly.jpg',   'expected'=>false), // not permitted
+			array('path'=> 'http://domain.com:8070/file.svg',        'expected'=>false), // suspicious
+			array('path'=> 'http://domain.com:8070/butterfly.jpg',   'expected'=>true), // permitted
 			array('path'=> 'http://127.0.0.1/bla.php',              'expected'=>false), // suspicious
 			array('path'=> 'http://127.0.0.1/bla.php?butterfly.jpg',   'expected'=>false), // suspicious
+
 		);
 
 		foreach($isAllowedTest as $file)