[4.x] More php file validation (#8991)

jasonvarga · web-flow · commit 4c6fe041e220 · 2023-11-14T14:32:15.000-05:00
diff --git a/src/Http/Controllers/CP/Assets/AssetsController.php b/src/Http/Controllers/CP/Assets/AssetsController.php
@@ -69,7 +69,7 @@ public function store(Request $request)
             'container' => 'required',
             'folder' => 'required',
             'file' => ['file', function ($attribute, $value, $fail) {
-                if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'phtml'])) {
+                if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar'])) {
                     $fail(__('validation.uploaded'));
                 }
             }],
diff --git a/src/Http/Controllers/CP/Fieldtypes/FilesFieldtypeController.php b/src/Http/Controllers/CP/Fieldtypes/FilesFieldtypeController.php
@@ -12,7 +12,7 @@ public function upload(Request $request)
     {
         $request->validate([
             'file' => ['file', function ($attribute, $value, $fail) {
-                if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'phtml'])) {
+                if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar'])) {
                     $fail(__('validation.uploaded'));
                 }
             }],
diff --git a/src/Http/Controllers/FormController.php b/src/Http/Controllers/FormController.php
@@ -178,7 +178,7 @@ protected function extraRules($fields)
             })
             ->mapWithKeys(function ($field) {
                 return [$field->handle().'.*' => ['file', function ($attribute, $value, $fail) {
-                    if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'phtml'])) {
+                    if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar'])) {
                         $fail(__('validation.uploaded'));
                     }
                 }]];

Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ public function store(Request $request)`
`69`	`69`	`'container' => 'required',`
`70`	`70`	`'folder' => 'required',`
`71`	`71`	`'file' => ['file', function ($attribute, $value, $fail) {`
`72`		`- if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'phtml'])) {`
	`72`	`+ if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar'])) {`
`73`	`73`	`$fail(__('validation.uploaded'));`
`74`	`74`	`}`
`75`	`75`	`}],`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ public function upload(Request $request)`
`12`	`12`	`{`
`13`	`13`	`$request->validate([`
`14`	`14`	`'file' => ['file', function ($attribute, $value, $fail) {`
`15`		`- if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'phtml'])) {`
	`15`	`+ if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar'])) {`
`16`	`16`	`$fail(__('validation.uploaded'));`
`17`	`17`	`}`
`18`	`18`	`}],`
Original file line number	Diff line number	Diff line change
`@@ -178,7 +178,7 @@ protected function extraRules($fields)`
`178`	`178`	`})`
`179`	`179`	`->mapWithKeys(function ($field) {`
`180`	`180`	`return [$field->handle().'.*' => ['file', function ($attribute, $value, $fail) {`
`181`		`- if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'phtml'])) {`
	`181`	`+ if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar'])) {`
`182`	`182`	`$fail(__('validation.uploaded'));`
`183`	`183`	`}`
`184`	`184`	`}]];`