Index: /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_commands.cfm
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_commands.cfm	(revision 944)
+++ /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_commands.cfm	(revision 945)
@@ -49,6 +49,17 @@
 		<cfset sOriginalFileName = sFileName >
 
-		<cfif isDefined("REQUEST.Config.SecureImageUploads") and REQUEST.Config.SecureImageUploads>
-			<cfif not IsFileValid( sTempFilePath, CFFILE.ClientFileExt, REQUEST.Config.SecureImageUploads )>
+		<cfif isDefined( "REQUEST.Config.SecureImageUploads" ) and REQUEST.Config.SecureImageUploads>
+			<cfif not IsImageValid( sTempFilePath, CFFILE.ClientFileExt )>
+				<cftry>
+				<cffile action="delete" file="#sTempFilePath#">
+				<cfcatch type="any">
+				</cfcatch>
+				</cftry>
+				<cfthrow errorcode="202" type="fckeditor">
+			</cfif>
+		</cfif>
+
+		<cfif isDefined( "REQUEST.Config.HtmlExtensions" ) and not listFindNoCase( REQUEST.Config.HtmlExtensions, CFFILE.ClientFileExt )>
+			<cfif DetectHtml( sTempFilePath )>
 				<cftry>
 				<cffile action="delete" file="#sTempFilePath#">
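Review bot: The new HtmlExtensions guard on the `<cfif isDefined( "REQUEST.Config.HtmlExtensions" ) and not listFindNoCase( ... )>` line fails open: when the key is absent from a site's config.cfm (an older config carried across this upgrade, for instance) the DetectHtml pass is skipped for every upload, whereas the removed `IsFileValid( ..., REQUEST.Config.SecureImageUploads )` path ran it for images at level 2. If the check is meant to be mandatory, inverting the first term makes a missing setting run the detector for all files: `<cfif not isDefined( "REQUEST.Config.HtmlExtensions" ) or not listFindNoCase( REQUEST.Config.HtmlExtensions, CFFILE.ClientFileExt )>`. The `<cfcatch type="any">` around the delete in the new image branch is empty, so a file that survives a failed delete is reported only through the thrown 202; that matches the existing pattern below it, so I would at least add a comment stating that the delete is best-effort and the throw is what rejects the upload. The enclosing upload block starts and ends outside this hunk.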
Index: /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_util.cfm
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_util.cfm	(revision 944)
+++ /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_util.cfm	(revision 945)
@@ -54,15 +54,10 @@
 	2 = use DetectHtml for images
 ---->
-<cffunction name="IsFileValid" returntype="boolean" output="true">
+<cffunction name="IsImageValid" returntype="boolean" output="true">
 	<cfargument name="filePath" required="true" type="String">
 	<cfargument name="extension" required="true" type="String">
-	<cfargument name="detectionLevel" required="true" type="Numeric">
 
 	<cfset var imageCFC = "">
 	<cfset var imageInfo = "">
-
-	<cfif ARGUMENTS.detectionLevel lte 0>
-		<cfreturn true>
-	</cfif>
 
 	<cfif not ListFindNoCase("gif,jpeg,jpg,png,swf,psd,bmp,iff,tiff,tif,swc,jpc,jp2,jpx,jb2,xmb,wbmp", ARGUMENTS.extension)>
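Review bot: The header comment above `IsImageValid` still lists the levels of the removed `detectionLevel` argument (`2 = use DetectHtml for images` survives as context at the top of this hunk), so the documentation now describes a parameter the function no longer takes. Replace the level list with the new contract: the function returns false when the extension is not in the image list or the file does not yield a positive width and height through ImageRead/ImageInfo (image.cfc on versions below 8), and say that HTML detection is no longer done here but by the caller in cf_commands.cfm. The start of that comment block is outside the hunk.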
@@ -70,29 +65,21 @@
 	</cfif>
 
-	<cfif ARGUMENTS.detectionLevel gte 1>
-		<cftry>
-			<cfif REQUEST.CFVersion gte 8>
-				<cfset objImage = ImageRead(ARGUMENTS.filePath) >
-				<cfset imageInfo = ImageInfo(objImage)>
-				<!--- <cfimage action="info" source="#ARGUMENTS.filePath#" structName="imageInfo" /> --->
-			<cfelse>
-				<cfset imageCFC = createObject("component", "image")>
-				<cfset imageInfo = imageCFC.getImageInfo("", ARGUMENTS.filePath)>
-			</cfif>
+	<cftry>
+		<cfif REQUEST.CFVersion gte 8>
+			<cfset objImage = ImageRead(ARGUMENTS.filePath) >
+			<cfset imageInfo = ImageInfo(objImage)>
+			<!--- <cfimage action="info" source="#ARGUMENTS.filePath#" structName="imageInfo" /> --->
+		<cfelse>
+			<cfset imageCFC = createObject("component", "image")>
+			<cfset imageInfo = imageCFC.getImageInfo("", ARGUMENTS.filePath)>
+		</cfif>
 
-			<cfif imageInfo.height lte 0 or imageInfo.width lte 0>
-				<cfreturn false>
-			</cfif>
-		<cfcatch type="any">
-			<cfreturn false>
-		</cfcatch>
-		</cftry>
-	</cfif>
-
-	<cfif ARGUMENTS.detectionLevel gte 2>
-		<cfif DetectHtml( ARGUMENTS.filePath )>
+		<cfif imageInfo.height lte 0 or imageInfo.width lte 0>
 			<cfreturn false>
 		</cfif>
-	</cfif>
+	<cfcatch type="any">
+		<cfreturn false>
+	</cfcatch>
+	</cftry>
 
 	<cfreturn true>
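Review bot: `<cfset objImage = ImageRead(ARGUMENTS.filePath) >` on the new side assigns `objImage` without a `var` declaration, while `imageCFC` and `imageInfo` are var-scoped at the top of the function; an unscoped assignment inside a cffunction goes to the enclosing page's variables scope rather than the function's local scope, so the decoded upload outlives the call and can collide with a caller's variable of the same name. Add `<cfset var objImage = "">` alongside the other var declarations (they sit in the previous hunk, above this one). Returning false from `<cfcatch type="any">` is the right fail-closed choice for a file that does not decode, but a one-line comment such as `<!--- any decode failure means the upload is not a valid image --->` would make that intent explicit. The function header is outside this hunk.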
Index: /FCKeditor/trunk/editor/filemanager/connectors/cfm/config.cfm
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/cfm/config.cfm	(revision 944)
+++ /FCKeditor/trunk/editor/filemanager/connectors/cfm/config.cfm	(revision 945)
@@ -42,12 +42,7 @@
 	Config.ForceSingleExtension = true ;
 
-	// Perform additional checks for image files  - check whether uploaded images are valid image files
-	// 0 = turn off
-	// 1 = validate image size
-	// 2 = most secure option, validate images also against MIME Type Detection bug that
-	//     can lead to Cross Site Scripting attacks (when image contains HTML tags in the first 1KB, some browsers may render it as a HTML file).
-	//     Attention: it may produce false positives in some situations
+	// Perform additional checks for image files - if set to true, validate image size
 	// (This feature works in MX 6.0 and above)
-	Config.SecureImageUploads = 1;
+	Config.SecureImageUploads = true;
 
 	// What the user can do with this connector
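Review bot: The rewritten comment `// Perform additional checks for image files - if set to true, validate image size` undersells what the flag now controls: per cf_commands.cfm in this same revision, a true value makes the connector decode the upload with IsImageValid and delete it with error 202 when it is not a parseable image, while the HTML-in-first-KB check that the removed text described has moved to `Config.HtmlExtensions` below. Suggest `// If true, uploaded images are opened and rejected (error 202) unless they decode with positive width/height.` followed by a pointer to HtmlExtensions for the HTML detection, so an administrator switching this off knows which check is lost.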
@@ -56,4 +51,10 @@
 	//Allowed Resource Types
 	Config.ConfigAllowedTypes 				= "File,Image,Flash,Media" ;
+
+	// For security, HTML is allowed in the first Kb of data for files having the
+	// following extensions only.
+	// (This feature works in MX 6.0 and above))
+	Config.HtmlExtensions					= "html,htm,xml,xsd,txt,js" ;
+
 
 //	Configuration settings for each Resource Type
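Review bot: The new `Config.HtmlExtensions` list is an exemption list that switches DetectHtml off for the named extensions, but the comment describes it the other way round (`HTML is allowed in the first Kb of data`) and nothing says that every extension added here bypasses the check; the comment removed in the previous hunk noted that some browsers render such files as HTML, so entries like `txt` and `xml` are exactly the ones an administrator should be able to weigh. Suggest `// Files with these extensions are exempt from the HTML detection on the first 1 KB; any other upload containing HTML there is deleted and rejected. Keep this list as short as the site needs.` and fix the doubled parenthesis in `(This feature works in MX 6.0 and above))`.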
