[3.4] More php file validation (#8992)

jasonvarga · web-flow · commit da28afde818d · 2023-11-14T14:32:25.000-05:00
diff --git a/src/Http/Controllers/CP/Assets/AssetsController.php b/src/Http/Controllers/CP/Assets/AssetsController.php
@@ -69,7 +69,7 @@ public function store(Request $request)
             'container' => 'required',
             'folder' => 'required',
             'file' => ['file', function ($attribute, $value, $fail) {
-                if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'phtml'])) {
+                if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar'])) {
                     $fail(__('validation.uploaded'));
                 }
             }],
diff --git a/src/Http/Controllers/CP/Fieldtypes/FilesFieldtypeController.php b/src/Http/Controllers/CP/Fieldtypes/FilesFieldtypeController.php
@@ -12,7 +12,7 @@ public function upload(Request $request)
     {
         $request->validate([
             'file' => ['file', function ($attribute, $value, $fail) {
-                if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'phtml'])) {
+                if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar'])) {
                     $fail(__('validation.uploaded'));
                 }
             }],
diff --git a/src/Http/Controllers/FormController.php b/src/Http/Controllers/FormController.php
@@ -165,7 +165,7 @@ protected function extraRules($fields)
             })
             ->mapWithKeys(function ($field) {
                 return [$field->handle().'.*' => ['file', function ($attribute, $value, $fail) {
-                    if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'phtml'])) {
+                    if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar'])) {
                         $fail(__('validation.uploaded'));
                     }
                 }]];

Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ public function store(Request $request)`
`69`	`69`	`'container' => 'required',`
`70`	`70`	`'folder' => 'required',`
`71`	`71`	`'file' => ['file', function ($attribute, $value, $fail) {`
`72`		`- if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'phtml'])) {`
	`72`	`+ if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar'])) {`
`73`	`73`	`$fail(__('validation.uploaded'));`
`74`	`74`	`}`
`75`	`75`	`}],`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ public function upload(Request $request)`
`12`	`12`	`{`
`13`	`13`	`$request->validate([`
`14`	`14`	`'file' => ['file', function ($attribute, $value, $fail) {`
`15`		`- if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'phtml'])) {`
	`15`	`+ if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar'])) {`
`16`	`16`	`$fail(__('validation.uploaded'));`
`17`	`17`	`}`
`18`	`18`	`}],`
Original file line number	Diff line number	Diff line change
`@@ -165,7 +165,7 @@ protected function extraRules($fields)`
`165`	`165`	`})`
`166`	`166`	`->mapWithKeys(function ($field) {`
`167`	`167`	`return [$field->handle().'.*' => ['file', function ($attribute, $value, $fail) {`
`168`		`- if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'phtml'])) {`
	`168`	`+ if (in_array(trim(strtolower($value->getClientOriginalExtension())), ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar'])) {`
`169`	`169`	`$fail(__('validation.uploaded'));`
`170`	`170`	`}`
`171`	`171`	`}]];`