Index: /modules/branches/2.10/backup/page.backup_restore.php
===================================================================
--- /modules/branches/2.10/backup/page.backup_restore.php (revision 12991)
+++ /modules/branches/2.10/backup/page.backup_restore.php (revision 13096)
@@ -36,30 +36,30 @@
 break;
 case 'upload':
- //only accept .tar.gz or .tgz
-
- if (is_uploaded_file($_FILES['upload']['tmp_name'])
- && (
- substr($_FILES['upload']['name'], -7) == '.tar.gz'
- || substr($_FILES['upload']['name'], -4) == '.tgz'
- )
- && (
- $_FILES['upload']['type'] == 'application/x-gzip'
- || $_FILES['upload']['type'] == 'application/octet-stream'
- )
- ) {
- $dest = $amp_conf['ASTSPOOLDIR']
- . '/tmp/'
- . 'backuptmp-suser-'
- . time() . '-'
- . basename($_FILES['upload']['name']);
- move_uploaded_file($_FILES['upload']['tmp_name'], $dest);
-
- //$var['restore_path'] = $dest;
- $_SESSION['backup_restore_path'] = $dest;
-
- } else {
+
+ //make sure our file was uploaded
+ if (!is_uploaded_file($_FILES['upload']['tmp_name'])) {
 echo _('Error uploading file!');
 $var['action'] = '';
+ break;
+ }
+
+ //ensure uploaded file is a valid tar file
+ exec(fpbx_which('tar') . ' -tf ' . $_FILES['upload']['tmp_name'], $array, $ret_code);
+ if ($ret_code !== 0) {
+ echo _('Error verifying uploaded file!');
+ $var['action'] = '';
+ break;
+ }
+
+ $dest = $amp_conf['ASTSPOOLDIR']
+ . '/tmp/'
+ . 'backuptmp-suser-'
+ . time() . '-'
+ . basename($_FILES['upload']['name']);
+ move_uploaded_file($_FILES['upload']['tmp_name'], $dest);
+
+ //$var['restore_path'] = $dest;
+ $_SESSION['backup_restore_path'] = $dest;
 break;
 case 'list_dir':
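Review bot: The return value of `move_uploaded_file()` on the new side is still ignored, so when the move fails (spool dir missing, permissions, disk full) `$_SESSION['backup_restore_path']` is set to a path that does not exist and the later restore step works from a stale or nonexistent file; wrap it as `if (!move_uploaded_file($_FILES['upload']['tmp_name'], $dest)) {` and route to the same error branch the two new guards use (`echo _('Error uploading file!'); $var['action'] = ''; break;`). The `tar -tf` guard only proves the archive lists cleanly; its listing is captured in `$array` but discarded, and that listing is the natural place to reject entries that start with `/` or contain `..` before the file is accepted for restore, since the extraction happens elsewhere and is not visible in this hunk. The temp path is PHP-generated rather than attacker-controlled, but it is interpolated into the shell command unquoted, so it should still be passed through `escapeshellarg($_FILES['upload']['tmp_name'])` to survive an `upload_tmp_dir` containing spaces. The `$dest` name is keyed on `time()` alone, so two uploads within the same second collide and the second silently overwrites the first. The enclosing `switch` begins and ends outside this hunk.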