Drupal sites vulnerable to double-extension attacks

The 90s called. They want their vulnerability back.