

#30 - Security fix: File extension bypass
ttimot24 committed May 23, 2021
1 parent 45ace96 commit 9c4d682
Showing 4 changed files with 356 additions and 931 deletions.
4 changes: 2 additions & 2 deletions app/Controllers/FileManagerController.php
Expand Up @@ -58,7 +58,7 @@ public function fileupload(){
if ($this->request->hasFile('up_file')){

foreach($this->request->up_file as $file){

if(!\Security::isExecutable($file)){
$images[] = $file->store(str_replace("storage/", "", $this->request->input('dir_path')));
}
Expand Down Expand Up @@ -224,7 +224,7 @@ public function rename(){

if($this->request->isMethod('POST')){

$new_file = $this->request->input('new_file');
$new_file = trim($this->request->input('new_file'),"/");

if(!\Security::isExecutable($new_file) && \Storage::move($this->request->input('old_file'), $new_file)){
if($this->request->ajax()){
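Review bot: The new `trim($this->request->input('new_file'), "/")` in rename() only strips leading and trailing slashes; neither `new_file` nor `old_file` is checked for `..` segments before `\Storage::move`, so whether a rename can climb out of the storage root depends entirely on the storage driver normalizing paths, which the hunk does not show. A check that does not rely on that, placed before the move, would be `if (strpos($new_file, '..') !== false || strpos($old_file, '..') !== false) { abort(400); }`. The upload hunk above has the same gap: `str_replace("storage/", "", ...)` removes that substring wherever it occurs in `dir_path` but leaves any `../` intact. rename()'s body continues past the end of the hunk.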
2 changes: 1 addition & 1 deletion app/Helpers/Security.php
Expand Up @@ -3,7 +3,7 @@
class Security{

public static function vulnerableExtensions(){
return '/^.*\.('.implode('|',["php","php5","php7","phar","phtml"]).')$/i';
return '/^.*\.('.implode('|',["php","php5","php7","phar","phtml","htaccess"]).')$/i';
}

public static function isExecutable($file){
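Review bot: The denylist in `vulnerableExtensions()` still matches only the final extension, so a name like `shell.php.jpg` passes even though Apache `AddHandler`-style configurations execute it, and `.user.ini` (PHP-FPM's per-directory counterpart of the newly added `htaccess`) is not listed. An allowlist of the types the file manager is meant to accept would be the more robust shape here; if the denylist is kept, matching any dotted segment, e.g. `return '/\.(' . implode('|', ["php","php5","php7","phar","phtml","htaccess"]) . ')(\.|$)/i';`, covers the double-extension case at the cost of also rejecting `image.php.jpg`. Further handler-dependent variants such as `phtm`, `pht` and `phps` may also need listing, depending on the server's handler map. The body of `isExecutable()` continues outside the hunk, so how it derives the name it tests is not visible here.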
2 changes: 1 addition & 1 deletion composer.json
Expand Up @@ -11,7 +11,7 @@
"composer/semver": "*",
"visualappeal/php-auto-update" : "0.14.0",
"madnest/madzipper" : "*",
"wikimedia/composer-merge-plugin": "dev-composer20",
"wikimedia/composer-merge-plugin": "2.x-dev",
"jackiedo/log-reader": "*",
"intervention/image": "*",
"laravel/helpers": "*",
