Index: /FCKeditor/trunk/editor/filemanager/browser/default/connectors/php/commands.php
===================================================================
--- /FCKeditor/trunk/editor/filemanager/browser/default/connectors/php/commands.php	(revision 390)
+++ /FCKeditor/trunk/editor/filemanager/browser/default/connectors/php/commands.php	(revision 391)
@@ -160,7 +160,4 @@
 		$oFile = $_FILES['NewFile'] ;
 
-		// Map the virtual path to the local server path.
-		$sServerDir = ServerMapFolder( $resourceType, $currentFolder ) ;
-
 		// Get the uploaded file name.
 		$sFileName = $oFile['name'] ;
@@ -170,15 +167,15 @@
 			$sFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sFileName ) ;
 
-		$sOriginalFileName = $sFileName ;
-
-		// Get the extension.
-		$sExtension = substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) ) ;
-		$sExtension = strtolower( $sExtension ) ;
-
-		$arAllowed	= $Config['AllowedExtensions'][$resourceType] ;
-		$arDenied	= $Config['DeniedExtensions'][$resourceType] ;
-
-		if ( ( count($arAllowed) == 0 || in_array( $sExtension, $arAllowed ) ) && ( count($arDenied) == 0 || !in_array( $sExtension, $arDenied ) ) )
+		if ( CheckFileName( $sFileName, $resourceType ) )
 		{
+			// Map the virtual path to the local server path.
+			$sServerDir = ServerMapFolder( $resourceType, $currentFolder ) ;
+			
+			$sOriginalFileName = $sFileName ;
+
+			// Get the extension.
+			$sExtension = substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) ) ;
+			$sExtension = strtolower( $sExtension ) ;
+
 			$iCounter = 0 ;
 
Index: /FCKeditor/trunk/editor/filemanager/browser/default/connectors/php/io.php
===================================================================
--- /FCKeditor/trunk/editor/filemanager/browser/default/connectors/php/io.php	(revision 390)
+++ /FCKeditor/trunk/editor/filemanager/browser/default/connectors/php/io.php	(revision 391)
@@ -46,5 +46,5 @@
 	{
 		if ( isset( $GLOBALS['HeaderSent'] ) && $GLOBALS['HeaderSent'] )
-		{ 
+		{
 			SendErrorNode( 1, "Error creating folder \"{$sResourceTypePath}\" ({$sErrorMsg})" ) ;
 			CreateXmlFooter() ;
@@ -113,5 +113,5 @@
 	$slash = ( strpos( $sRealPath, '/' ) === false ) ? '\\' : '/' ;
 	$sSelfPath = str_replace( '/', $slash, $sSelfPath ) ;
-	
+
 	$position = strpos( $sRealPath, $sSelfPath ) ;
 
@@ -123,3 +123,28 @@
 	return substr( $sRealPath, 0, $position ) ;
 }
+
+function CheckFileName( $fileName, $resourceType )
+{
+	global $Config ;
+
+	// SA25719
+	if ( strpos( strtolower( $fileName ), '::$data' ) != false )
+		return false ;
+
+	// Get the extension.
+	$sExtension = substr( $fileName, ( strrpos($fileName, '.') + 1 ) ) ;
+	$sExtension = strtolower( $sExtension ) ;
+
+	$arDenied	= $Config['DeniedExtensions'][$resourceType] ;
+
+	if ( count($arDenied) > 0 && in_array( $sExtension, $arDenied ) )
+		return false ;
+	
+	$arAllowed	= $Config['AllowedExtensions'][$resourceType] ;
+	
+	if ( count($arAllowed) > 0 && !in_array( $sExtension, $arAllowed ) )
+		return false ;
+
+	return true ;
+}
 ?>
Index: /FCKeditor/trunk/editor/filemanager/upload/php/upload.php
===================================================================
--- /FCKeditor/trunk/editor/filemanager/upload/php/upload.php	(revision 390)
+++ /FCKeditor/trunk/editor/filemanager/upload/php/upload.php	(revision 391)
@@ -66,4 +66,8 @@
     SendResults( 1, '', '', 'Invalid type specified' ) ;
 
+// SA25719
+if ( strpos( strtolower( $sFileName ), '::$data' ) != false )
+	SendResults( '202' ) ;
+
 // Get the allowed and denied extensions arrays.
 $arAllowed	= $Config['AllowedExtensions'][$sType] ;