Skip to content

Commit

Permalink
Dissallow all uploads starting with .htaccess
Browse files Browse the repository at this point in the history
  • Loading branch information
@BSteelooper
BSteelooper committed Dec 19, 2019
1 parent c140ff8 commit f79f916
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion data/inc/files.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
<?php
if (isset($_POST['submit'])) {
$filenamestr = strtolower(latinOnlyInput($_FILES['filefile']['name']));
if ($filenamestr == '.htaccess'){
if ($filenamestr == '.htaccess' or strtolower(substr($filenamestr, 0, 9)) == '.htaccess'){
show_error($lang['general']['upload_failed'], 1);
} else {
if (!copy($_FILES['filefile']['tmp_name'], 'files/'.latinOnlyInput(latinOnlyInput($_FILES['filefile']['name']))))
Expand Down

0 comments on commit f79f916

Please sign in to comment.