Overview
Comment:Fix extension check
SHA3-256: 39b4a4b02581a3d6a1d535813ae98e94a4946046da9d82aaa8587ecb3e19c470
User & Date: bohwaz on 2021-05-25 21:53:17
Context
2021-05-26
18:46
Fix default parent page in selector from edit form check-in: 03693de991 user: bohwaz tags: trunk, stable
2021-05-25
21:53
Fix extension check check-in: 39b4a4b025 user: bohwaz tags: trunk, stable
2021-05-22
14:07
Fix case fold when null check-in: dcde3b82ea user: bohwaz tags: trunk, stable
Changes

Modified src/include/lib/Garradin/Entities/Files/File.php from [a02c6a6277] to [f33e63dac6].

115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
		'image/webp',
		'image/svg+xml',
		'text/plain',
		'text/html',
	];

	// https://book.hacktricks.xyz/pentesting-web/file-upload
	const FORBIDDEN_EXTENSIONS = '!cgi|exe|sh|bash|com|pif|jspx?|js[wxv]|action|do|php(?:s|\d+)?|pht|phtml?|shtml|phar|htaccess|inc|cfml?|cfc|dbm|swf|pl|perl|py|pyc|asp|so!i';

	static public function getColumns(): array
	{
		return array_keys((new self)->_types);
	}

	public function selfCheck(): void







|







115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
		'image/webp',
		'image/svg+xml',
		'text/plain',
		'text/html',
	];

	// https://book.hacktricks.xyz/pentesting-web/file-upload
	const FORBIDDEN_EXTENSIONS = '!^(?:cgi|exe|sh|bash|com|pif|jspx?|js[wxv]|action|do|php(?:s|\d+)?|pht|phtml?|shtml|phar|htaccess|inc|cfml?|cfc|dbm|swf|pl|perl|py|pyc|asp|so)$!i';

	static public function getColumns(): array
	{
		return array_keys((new self)->_types);
	}

	public function selfCheck(): void
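Review bot: Anchoring the `FORBIDDEN_EXTENSIONS` pattern with `^(?:…)$` makes every alternative an exact match, so variants the old substring match refused only as a side effect, `aspx` via `asp` for example, are no longer covered. If those should still be rejected, list them explicitly, e.g. `aspx?` in place of `asp`. The code that extracts the extension and applies this constant is outside the visible section. It presumably has to pass a normalised extension (trailing dots and whitespace stripped) and decide how multi-dot file names are handled, because the anchored pattern matches only an exact token. A comment above the constant such as `// Matched against the bare, normalised extension only` would record that contract.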