Bootstrap-Admin-Template
security issue: upload any file to server (even PHP file)
Anyone who can execute this file: \src\assets\lib\plupload\examples\upload.php can upload any file to the server, to the location ini_get("upload_tmp_dir") . DIRECTORY_SEPARATOR . "plupload" . DIRECTORY_SEPARATOR . $_REQUEST["name"]
It is quite a serious security bug, where there should be a filter for the extension of the file.
I recommend deleting this file from production or putting exit; on the first line for the release of Bootstrap-Admin-Template.
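
One way to apply the extension filter the report asks for, as an added example that is not part of the original issue or of the project's code. The helper name safe_upload_path(), the image-only allowlist ALLOWED_EXT and the sample names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not code from plupload or Bootstrap-Admin-Template.
// Assumption: the deployment only needs image uploads; adjust ALLOWED_EXT to your policy.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];

/**
 * Turn a client-supplied name into a safe path inside $targetDir,
 * or return null when the name must be rejected.
 */
function safe_upload_path(string $targetDir, string $requestedName): ?string
{
    // Drop any directory components ("../", "C:\...") the client sent.
    $base = basename(str_replace('\\', '/', $requestedName));

    // Keep a conservative character set; this also removes NUL bytes.
    $base = preg_replace('/[^A-Za-z0-9._-]/', '_', $base);
    if ($base === null || $base === '' || $base[0] === '.') {
        return null; // regex failure, empty name, or dotfile such as .htaccess
    }

    // Check every dot-separated segment after the first, so "a.php.jpg"
    // and "a.jpg.php" are both refused, not only the final extension.
    $parts = explode('.', strtolower($base));
    array_shift($parts);
    if ($parts === []) {
        return null; // no extension at all
    }
    foreach ($parts as $ext) {
        if (!in_array($ext, ALLOWED_EXT, true)) {
            return null;
        }
    }
    return rtrim($targetDir, '/\\') . DIRECTORY_SEPARATOR . $base;
}

// Constructed sample names, as they might arrive in $_REQUEST["name"].
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'plupload';
foreach (['photo.png', 'script.php', '../../index.php', 'a.php.jpg', '.htaccess'] as $name) {
    $path = safe_upload_path($dir, $name);
    printf("%-18s => %s\n", $name, $path ?? 'REJECTED');
}
```

This checks the file name only; it does not inspect the uploaded contents.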