Index: /FCKeditor/trunk/editor/filemanager/connectors/php/commands.php
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/php/commands.php	(revision 1614)
+++ /FCKeditor/trunk/editor/filemanager/connectors/php/commands.php	(revision 1615)
@@ -185,5 +185,5 @@
 		if ( isset( $Config['SecureImageUploads'] ) )
 		{
-			if ( !IsImageValid( $oFile['tmp_name'], $sExtension ) )
+			if ( ( $isImageValid = IsImageValid( $oFile['tmp_name'], $sExtension ) ) === false )
 			{
 				$sErrorNumber = '202' ;
@@ -193,5 +193,6 @@
 		if ( isset( $Config['HtmlExtensions'] ) )
 		{
-			if ( !IsHtmlExtension( $sExtension, $Config['HtmlExtensions'] ) && DetectHtml( $oFile['tmp_name'] ) )
+			if ( !IsHtmlExtension( $sExtension, $Config['HtmlExtensions'] ) && 
+				( $detectHtml = DetectHtml( $oFile['tmp_name'] ) ) === true )
 			{
 				$sErrorNumber = '202' ;
@@ -228,4 +229,19 @@
 				}
 			}
+			
+			if ( file_exists( $sFilePath ) )
+			{
+				//previous checks failed, try once again
+				if ( isset( $isImageValid ) && $isImageValid === -1 && IsImageValid( $sFilePath, $sExtension ) === false )
+				{
+					@unlink( $sFilePath ) ;
+					$sErrorNumber = '202' ;
+				}
+				else if ( isset( $detectHtml ) && $detectHtml === -1 && DetectHtml( $sFilePath ) === true )
+				{
+					@unlink( $sFilePath ) ;
+					$sErrorNumber = '202' ;					
+				}
+			}
 		}
 		else
Index: /FCKeditor/trunk/editor/filemanager/connectors/php/util.php
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/php/util.php	(revision 1614)
+++ /FCKeditor/trunk/editor/filemanager/connectors/php/util.php	(revision 1615)
@@ -87,6 +87,14 @@
 function DetectHtml( $filePath )
 {
-	$fp = fopen( $filePath, 'rb' ) ;
+	$fp = @fopen( $filePath, 'rb' ) ;
+	
+	//open_basedir restriction, see #1906
+	if ( $fp === false || !flock( $fp, LOCK_SH ) )
+	{
+		return -1 ;
+	}
+		
 	$chunk = fread( $fp, 1024 ) ;
+	flock( $fp, LOCK_UN ) ;
 	fclose( $fp ) ;
 
@@ -150,4 +158,8 @@
 function IsImageValid( $filePath, $extension )
 {
+	if (!@is_readable($filePath)) {
+		return -1;
+	}
+	
 	$imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');
 
