When sending a new post (either a new topic or a reply to an existing topic), attaching a file with a forbidden extension throws a BadExtensionException, which isn't handled. The user sees an error page with a Java stacktrace in the source code.
This is a bug in the net.jforum.view.forum.PostAction class: there are two calls to attachments.preProcess(), one in editSave() and one in insertSave(). The first does a try, catch (AttachmentException e) where as the latter does a try, catch (AttachmentSizeTooBigException e), thus ignoring the BadExtensionException.
Fix is easy: change AttachmentSizeTooBigException to AttachmentException on line 1048. Tested on JForum 2.1.7. [originally posted on jforum.net by jooooooon]
Screaming fools! It's nothing more than a tiny ad: