Security bug fix.

ttimot24 · Oct 23, 2020 · 436b5ab · 436b5ab
1 parent a056bab
commit 436b5ab
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/app/Controllers/FileManagerController.php b/app/Controllers/FileManagerController.php
@@ -10,6 +10,10 @@
 class FileManagerController extends Controller{
 
 
+    private function validationRegex(){
+        return '/^.*\.('.implode('|',["php","php5","php7"]).')$/i';
+    }
+
 
     /**
      * Display a listing of the resource.
@@ -60,7 +64,10 @@ public function fileupload(){
             if ($this->request->hasFile('up_file')){
 
                 foreach($this->request->up_file as $file){
-                   $images[] = $file->store(str_replace("storage/", "", $this->request->input('dir_path')));
+
+                    if(!preg_match($this->validationRegex(), strtolower($file))){
+                        $images[] = $file->store(str_replace("storage/", "", $this->request->input('dir_path')));
+                    }
                 }
 
                 if($this->request->ajax()){
@@ -223,7 +230,9 @@ public function rename(){
 
         if($this->request->isMethod('POST')){
 
-            if(\Storage::move($this->request->input('old_file'), $this->request->input('new_file'))){
+            $new_file = $this->request->input('new_file');
+
+            if(!preg_match($this->validationRegex(), strtolower($new_file)) && \Storage::move($this->request->input('old_file'), $new_file)){
                 if($this->request->ajax()){
                     return response()->json(['success' => trans('File successfully renamed!')]);
                 }