From 436b5ab679fd27afa3d99c023dbe103113da4fee Mon Sep 17 00:00:00 2001
From: Timot Tarjani
Date: Fri, 23 Oct 2020 19:58:00 +0200
Subject: [PATCH] Security bug fix.
---
 app/Controllers/FileManagerController.php | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/app/Controllers/FileManagerController.php b/app/Controllers/FileManagerController.php
index b4733dc76..2fd9688a7 100644
--- a/app/Controllers/FileManagerController.php
+++ b/app/Controllers/FileManagerController.php
@@ -10,6 +10,10 @@ class FileManagerController extends Controller{
+ private function validationRegex(){
+ return '/^.*\.('.implode('|',["php","php5","php7"]).')$/i';
+ }
+
 /**
 * Display a listing of the resource.
@@ -60,7 +64,10 @@ public function fileupload(){
 if ($this->request->hasFile('up_file')){
 foreach($this->request->up_file as $file){
- $images[] = $file->store(str_replace("storage/", "", $this->request->input('dir_path')));
+
+ if(!preg_match($this->validationRegex(), strtolower($file))){
+ $images[] = $file->store(str_replace("storage/", "", $this->request->input('dir_path')));
+ }
 }
 if($this->request->ajax()){
@@ -223,7 +230,9 @@ public function rename(){
 if($this->request->isMethod('POST')){
- if(\Storage::move($this->request->input('old_file'), $this->request->input('new_file'))){
+ $new_file = $this->request->input('new_file');
+
+ if(!preg_match($this->validationRegex(), strtolower($new_file)) && \Storage::move($this->request->input('old_file'), $new_file)){
 if($this->request->ajax()){
 return response()->json(['success' => trans('File successfully renamed!')]);
 }
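Review bot: `validationRegex()` is a denylist of three extensions, so any other extension the web server is configured to execute as PHP (for example `.phtml` or `.phar`), or a per-directory config file such as `.htaccess`, still passes the check. An allowlist of the file types the file manager is meant to hold is the safer shape, for example `return '/\.(jpe?g|png|gif|pdf|txt)\z/i';` with the two callers inverted to require a match. Whichever form is kept, a short docblock saying that the pattern is applied to a file name and what a match means would help the next reader. The storage directory should also be served with script execution disabled, so that this filter is not the only control.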
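Review bot: The added guard in `fileupload()` matches the pattern against `strtolower($file)`, but `$file` is the uploaded-file object (it is the receiver of `->store()`), and casting it to a string most likely yields the temporary upload path rather than the client's file name, so the extension test would not see `.php` at all. Test the values that decide the stored extension instead, e.g. `$ext = strtolower($file->getClientOriginalExtension()); $guessed = strtolower((string) $file->guessExtension());`, and check both before calling `store()`. Rejected files are currently skipped silently; returning a validation error would make the refusal visible to the user and in the logs. `dir_path` still reaches `store()` with only a `str_replace("storage/", "")` applied, so it should be confined to the managed root as well. The function body continues outside the hunk.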
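Review bot: In `rename()` the pattern is applied to the raw `new_file` string, while `\Storage::move()` may normalise the path before writing, so the name that is checked and the name that is created can differ; validate the extension of the normalised base name, e.g. `$ext = strtolower(pathinfo(basename($new_file), PATHINFO_EXTENSION));`. Both `old_file` and `new_file` come straight from the request and are not confined to the file manager's directory, so a check that rejects `..` segments and paths outside the managed root is still missing here. The enclosing `if`/`else` continues outside the hunk, so a rejected name presumably falls through to the generic failure branch; a distinct error message would be clearer.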