Index: editor/filemanager/connectors/php/commands.php
===================================================================
--- editor/filemanager/connectors/php/commands.php	(revision 1591)
+++ editor/filemanager/connectors/php/commands.php	(working copy)
@@ -184,7 +184,7 @@
 
 		if ( isset( $Config['SecureImageUploads'] ) )
 		{
-			if ( !IsImageValid( $oFile['tmp_name'], $sExtension ) )
+			if ( ( $isImageValid = IsImageValid( $oFile['tmp_name'], $sExtension ) ) === false )
 			{
 				$sErrorNumber = '202' ;
 			}
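Review bot: The assignment buried in the condition on the new line hides that `IsImageValid()` now has a third result, -1, which this check lets through without setting an error; the `DetectHtml()` test in the next hunk uses the same pattern. I would split it into `$isImageValid = IsImageValid( $oFile['tmp_name'], $sExtension ) ;` followed by `if ( $isImageValid === false )`, with a comment such as `// -1 = temp file unreadable (open_basedir); validation is deferred until after the move`. That makes it explicit that the upload is still unvalidated at this point and that the later re-check is mandatory. The enclosing function starts and ends outside the hunk.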
@@ -192,7 +192,8 @@
 
 		if ( isset( $Config['HtmlExtensions'] ) )
 		{
-			if ( !IsHtmlExtension( $sExtension, $Config['HtmlExtensions'] ) && DetectHtml( $oFile['tmp_name'] ) )
+			if ( !IsHtmlExtension( $sExtension, $Config['HtmlExtensions'] ) && 
+				( $detectHtml = DetectHtml( $oFile['tmp_name'] ) ) === true )
 			{
 				$sErrorNumber = '202' ;
 			}
@@ -227,6 +228,21 @@
 					break ;
 				}
 			}
+			
+			if ( file_exists( $sFilePath ) )
+			{
+				//previous checks failed, try once again
+				if ( isset( $isImageValid ) && $isImageValid === -1 && IsImageValid( $sFilePath, $sExtension ) === false )
+				{
+					@unlink( $sFilePath ) ;
+					$sErrorNumber = '202' ;
+				}					
+				if ( isset( $detectHtml ) && $detectHtml === -1 && DetectHtml( $sFilePath ) === true )
+				{
+					@unlink( $sFilePath ) ;
+					$sErrorNumber = '202' ;					
+				}				
+			}
 		}
 		else
 			$sErrorNumber = '202' ;
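Review bot: The re-check added after the move still fails open: if the second `IsImageValid()` or `DetectHtml()` call returns -1 again (for example because `flock()` is refused on the destination filesystem), neither condition matches and the unvalidated file stays in the upload directory. Once the first attempt was inconclusive, the second should accept only a definite pass, e.g. `IsImageValid( $sFilePath, $sExtension ) !== true` and `DetectHtml( $sFilePath ) !== false`, assuming both helpers return strict booleans on their normal paths (their bodies are not fully visible here). The result of `@unlink()` is also discarded, so a failed removal leaves a rejected file in place while the client is told 202; checking the return value and logging the failure would make that visible. The surrounding function and the step that moves the file lie outside the hunk.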
Index: editor/filemanager/connectors/php/util.php
===================================================================
--- editor/filemanager/connectors/php/util.php	(revision 1591)
+++ editor/filemanager/connectors/php/util.php	(working copy)
@@ -86,8 +86,16 @@
  */
 function DetectHtml( $filePath )
 {
-	$fp = fopen( $filePath, 'rb' ) ;
+	$fp = @fopen( $filePath, 'rb' ) ;
+	
+	//open_basedir restriction, see #1906
+	if ( $fp === false || !flock( $fp, LOCK_SH ) )
+	{
+		return -1 ;
+	}
+		
 	$chunk = fread( $fp, 1024 ) ;
+	flock( $fp, LOCK_UN ) ;
 	fclose( $fp ) ;
 
 	$chunk = strtolower( $chunk ) ;
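Review bot: When `fopen()` succeeds but `flock()` fails, the new early return leaves `$fp` open, and the comment attributes the -1 solely to open_basedir although a lock failure takes the same path. Separating the two cases closes the handle: `if ( $fp === false ) return -1 ;` followed by `if ( !flock( $fp, LOCK_SH ) ) { fclose( $fp ) ; return -1 ; }`. Any caller outside this patch that tests the result by truthiness would read -1 as "HTML detected", so the docblock above the function should list the three possible return values. The rest of the function body lies outside the hunk.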
@@ -149,6 +157,10 @@
  */
 function IsImageValid( $filePath, $extension )
 {
+	if (!@is_readable($filePath)) {
+		return -1;
+	}
+	
 	$imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');
 
 	// version_compare is available since PHP4 >= 4.0.7
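Review bot: The docblock that ends just above this function is not updated for the new -1 result, and because -1 is truthy, any caller still written as `if ( !IsImageValid( ... ) )` will treat an unreadable file as a valid image. I would add a docblock line such as `@return bool|int true if valid, false if invalid, -1 if the file could not be read and must be re-checked or rejected by the caller`. Callers other than commands.php are not visible in this patch and should be checked for boolean-style tests before this lands. The added `if (...) {` block also departs from the spacing and brace placement used by the surrounding code. The function body continues past the end of the hunk.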
