Index: modules/update/update.manager.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/update/update.manager.inc,v
retrieving revision 1.23
diff -u -p -r1.23 update.manager.inc
--- modules/update/update.manager.inc	26 May 2010 11:50:58 -0000	1.23
+++ modules/update/update.manager.inc	6 Jul 2010 12:11:42 -0000
@@ -539,8 +539,10 @@ function update_manager_install_form_sub
   }
   elseif ($_FILES['files']['name']['project_upload']) {
     $field = 'project_upload';
-    // @todo: add some validators here.
-    $finfo = file_save_upload($field, array(), NULL, FILE_EXISTS_REPLACE);
+    $validators = array(
+      'file_validate_extensions' => array('zip tar tgz gz bz2'),    
+    );
+    $finfo = file_save_upload($field, $validators, NULL, FILE_EXISTS_REPLACE);
     // @todo: find out if the module is already instealled, if so, throw an error.
     $local_cache = $finfo->uri;
   }