"Php injection suspect" check in vtlib/Vtiger/Functions.php incorrect?

The existing implementation prevents uploading product images. A solution is given: https://discussions.vtiger.com/discussion/comment/1202931

I've changed:

```php
// Check for php code injection
if ($saveimage == 'true') {
    $imageContents = file_get_contents($file_details['tmp_name']);
    if (stripos($imageContents, $shortTagSupported ? "<?" : "<?php") !== false) {
        // suspicious dynamic content.
        $log->debug("Php injection suspected");
        $saveimage = 'false';
    }
}
```

to

```php
// Check for php code injection
$imageContents = file_get_contents($file_details['tmp_name']);
if (preg_match('/(<\?php?(.*?))/i', $imageContents) == 1) {
    $saveimage = 'false';
}
```

to get it working.

Edited by Prasad
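
The two checks from the post, run side by side on constructed byte strings to show which inputs each one rejects. This is an added example, not part of the original post or vtiger's code; the function names, the `$shortTagSupported` parameter passed as a plain boolean, and all sample bytes are assumptions made for illustration.

```php
<?php
// Added illustration; not vtiger code. All sample bytes are constructed.

// Check as it stood before the change: with short tags on, any "<?" is flagged.
function flaggedByOriginal(string $bytes, bool $shortTagSupported): bool
{
    return stripos($bytes, $shortTagSupported ? '<?' : '<?php') !== false;
}

// Check after the change: only "<?ph" / "<?php" is flagged, case-insensitively.
function flaggedByReplacement(string $bytes): bool
{
    return preg_match('/(<\?php?(.*?))/i', $bytes) === 1;
}

$soi = "\xFF\xD8\xFF\xE1"; // JPEG start-of-image + APP1 marker
$eoi = "\xFF\xD9";         // JPEG end-of-image marker

$samples = [
    // XMP metadata written by image editors starts with an "<?xpacket" instruction.
    'XMP metadata packet'   => $soi . '<?xpacket begin="" id="constructed"?>' . $eoi,
    // Compressed image data can contain the bytes 0x3C 0x3F ("<?") by chance.
    'bytes 0x3C 0x3F'       => $soi . "\x12\x3C\x3F\x9A\x00" . $eoi,
    // An actual PHP open tag embedded in the file.
    'embedded PHP open tag' => $soi . '<?php /* constructed marker */' . $eoi,
    // Nothing resembling a tag.
    'plain image bytes'     => $soi . "\x10\x20\x30\x40" . $eoi,
];

printf("%-24s %-18s %-18s %s\n", 'sample', 'orig (short on)', 'orig (short off)', 'replacement');
foreach ($samples as $name => $bytes) {
    printf(
        "%-24s %-18s %-18s %s\n",
        $name,
        flaggedByOriginal($bytes, true) ? 'blocked' : 'allowed',
        flaggedByOriginal($bytes, false) ? 'blocked' : 'allowed',
        flaggedByReplacement($bytes) ? 'blocked' : 'allowed'
    );
}
```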