diff --git a/administrator/components/com_installer/models/install.php b/administrator/components/com_installer/models/install.php
index f85abe75e14bd..3f9c7b14aa51b 100644
--- a/administrator/components/com_installer/models/install.php
+++ b/administrator/components/com_installer/models/install.php
@@ -201,7 +201,8 @@ protected function _getPackageFromUpload()
 {
 // Get the uploaded file information.
 $input = JFactory::getApplication()->input;
- $userfile = $input->files->get('install_package', null, 'array');
+ // Do not change the filter type 'raw'. We need this to let files containing PHP code to upload. See JInputFiles::get.
+ $userfile = $input->files->get('install_package', null, 'raw');
 // Make sure that file uploads are enabled in php.
 if (!(bool) ini_get('file_uploads'))
@@ -258,7 +259,7 @@ protected function _getPackageFromUpload()
 // Move uploaded file.
 jimport('joomla.filesystem.file');
- JFile::upload($tmp_src, $tmp_dest);
+ JFile::upload($tmp_src, $tmp_dest, false, true);
 // Unpack the downloaded package file.
 $package = JInstallerHelper::unpack($tmp_dest, true);
diff --git a/libraries/joomla/filesystem/file.php b/libraries/joomla/filesystem/file.php
index 099dc5ef820b1..cc14b9c69109d 100644
--- a/libraries/joomla/filesystem/file.php
+++ b/libraries/joomla/filesystem/file.php
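Review bot: Switching the `install_package` read to the `'raw'` filter also leaves `$userfile['name']` unfiltered, and the part of `_getPackageFromUpload` that derives `$tmp_dest` from the upload name lies outside this hunk; check that the name is still passed through `JFile::makeSafe()` (or at least `basename()`) before it is joined to the temp path, so a client-supplied name cannot carry path separators. The added comment also reads awkwardly; suggest `// Do not change the filter type 'raw'. We need it so that files containing PHP code can be uploaded. See JInputFiles::get.`. The function continues beyond both hunks of this file.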
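Review bot: `JFile::upload($tmp_src, $tmp_dest, false, true)` sets `$allow_unsafe`, which skips `JFilterInput::isSafeFile` altogether, including the null-byte and forbidden-extension checks on the upload name, even though this same commit adds `$safeFileOptions` to `JFile::upload` precisely so a caller can relax individual checks. Consider keeping `$allow_unsafe` false and passing the content-related options instead, e.g. `JFile::upload($tmp_src, $tmp_dest, false, false, array('php_tag_in_content' => false));`, adding whichever other content checks extension archives trip, so the name checks still run. If the full bypass is really intended, the two bare boolean arguments deserve a comment such as `// Allow 'unsafe' files: extension packages legitimately contain PHP code.`. The enclosing function ends outside the hunk.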
@@ -440,16 +440,17 @@ public static function write($file, &$buffer, $use_streams = false)
 /**
 * Moves an uploaded file to a destination folder
 *
- * @param string $src The name of the php (temporary) uploaded file
- * @param string $dest The path (including filename) to move the uploaded file to
- * @param boolean $use_streams True to use streams
- * @param boolean $allow_unsafe Allow the upload of unsafe files
+ * @param string $src The name of the php (temporary) uploaded file
+ * @param string $dest The path (including filename) to move the uploaded file to
+ * @param boolean $use_streams True to use streams
+ * @param boolean $allow_unsafe Allow the upload of unsafe files
+ * @param boolean $safeFileOptions Options to JFilterInput::isSafeFile
 *
 * @return boolean True on success
 *
 * @since 11.1
 */
- public static function upload($src, $dest, $use_streams = false, $allow_unsafe = false)
+ public static function upload($src, $dest, $use_streams = false, $allow_unsafe = false, $safeFileOptions = array())
 {
 if (!$allow_unsafe)
 {
@@ -461,7 +462,7 @@ public static function upload($src, $dest, $use_streams = false, $allow_unsafe =
 'size' => '',
 );
- $isSafe = JFilterInput::isSafeFile($descriptor);
+ $isSafe = JFilterInput::isSafeFile($descriptor, $safeFileOptions);
 if (!$isSafe)
 {
diff --git a/libraries/joomla/filter/input.php b/libraries/joomla/filter/input.php
index 3826ba3d9c975..17a663049a5f8 100644
--- a/libraries/joomla/filter/input.php
+++ b/libraries/joomla/filter/input.php
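Review bot: `@param boolean $safeFileOptions Options to JFilterInput::isSafeFile` mis-types the new parameter: its default is `array()` and the second hunk forwards it as the second argument of `JFilterInput::isSafeFile`, so the tag should read `@param array $safeFileOptions Options passed to JFilterInput::isSafeFile; ignored when $allow_unsafe is true`. The `$allow_unsafe` caveat matters because the call sits inside `if (!$allow_unsafe)`, so a caller that sets both gets no filtering at all. The body of `upload` continues past the second hunk.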
@@ -327,13 +327,14 @@ public static function checkAttribute($attrSubSet) * Checks an uploaded for suspicious naming and potential PHP contents which could indicate a hacking attempt. * * The options you can define are: - * null_byte Prevent files with a null byte in their name (buffer overflow attack) - * forbidden_extensions Do not allow these strings anywhere in the file's extension - * php_tag_in_content Do not allow data[$name])) { - // Prevent returning an unsafe file unless speciffically requested + // Prevent returning an unsafe file unless specifically requested if (!$this->data[$name]['safe']) { if ($filter != 'raw')