I see that filenames finished by .php.jpg (like “myfalsepic.php.jpg”) is parsed by the parser. And it can bring security problems in upload forms.
Exemple: a picture upload form allow .gif, .jpg,… extensions.
The form checking can okay if the filename finish by “.jpg”. Then a hacker can execute Php lines code on your server, and steal some password.
I would like to know how to disallow parsing this type of file, particulary how to parse ONLY “.php” file.