diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index 0c0d23261..b0bf4a6e9 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -1,4 +1,5 @@
 7.6.5
+ - security: A problem was discovered and fixed in which users could email executable attachments to a collaboration system and then when viewed online, could execute them.
  - fixed #8800: Errors in POD of Asset-related mix-in modules (Bernd Kalbfuß-Zimmermann)
  - fixed: Products imported into the Shelf have bad URLs
  - Deprecated WebGUI::Storage::Image. WebGUI::Storage can now do everything WebGUI::Storage::Image can do.
diff --git a/lib/WebGUI/Storage.pm b/lib/WebGUI/Storage.pm
index 65f8c3545..f2e941191 100644
--- a/lib/WebGUI/Storage.pm
+++ b/lib/WebGUI/Storage.pm
@@ -365,9 +365,12 @@ The content to write to the file.
 =cut
 
 sub addFileFromScalar {
-    my $self = shift;
-    my $filename = $self->session->url->makeCompliant(shift);
-    my $content = shift;
+    my ($self, $filename, $content) = @_;
+    if (isIn($self->getFileExtension($filename), qw(pl perl sh cgi php asp html htm))) { # make us safe from malicious uploads
+        $filename =~ s/\./\_/g;
+        $filename .= ".txt";
+    }
+    $filename = $self->session->url->makeCompliant($filename);
     if (open(my $FILE, ">", $self->getPath($filename))) {
         print $FILE $content;
         close($FILE);
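Review bot: The extension check on the `isIn(...)` line is a case-sensitive denylist, so whether a name ending in `.PHP` or `.Html` is renamed depends on `getFileExtension` lowercasing its result, which this hunk does not show; normalize at the call site, e.g. `my $ext = lc $self->getFileExtension($filename);` and pass `$ext` to `isIn`. A fixed denylist also protects only against the eight extensions listed, so an allowlist of known-safe types, or serving stored files with a non-executable content type and an attachment disposition, would not depend on the list staying complete, and the trailing comment `# make us safe from malicious uploads` should be narrowed to what the rename actually does, e.g. `# rename known script/markup extensions to .txt so the file is not served as executable content`. In the substitution, `s/\./\_/g` escapes an underscore that needs no escaping; `s/\./_/g` reads cleaner. If Storage.pm has other `addFile*` entry points outside this hunk, they would presumably need the same treatment, since only addFileFromScalar is changed here. addFileFromScalar's body continues outside the hunk.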