From e631c1dbdce0ff052f5d23eba9728eae68454f8c Mon Sep 17 00:00:00 2001
From: root <you@example.com>
Date: Wed, 14 Feb 2024 14:23:20 +0530
Subject: [PATCH] #Fixes::158429927::Chaitanya N::Unrestricted file upload in
company logo security issue is fixed
---
config.template.php | 2 +-
vtlib/Vtiger/Functions.php | 9 +++++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/config.template.php b/config.template.php
index 58806a2f3..81f64b819 100644
--- a/config.template.php
+++ b/config.template.php
@@ -111,7 +111,7 @@ $allow_exports = 'all';
// files with one of these extensions will have '.txt' appended to their filename on upload
// upload_badext default value = php, php3, php4, php5, pl, cgi, py, asp, cfm, js, vbs, html, htm
-$upload_badext = array('php', 'php3', 'php4', 'php5', 'pl', 'cgi', 'py', 'asp', 'cfm', 'js', 'vbs', 'html', 'htm', 'exe', 'bin', 'bat', 'sh', 'dll', 'phps', 'phtml', 'xhtml', 'rb', 'msi', 'jsp', 'shtml', 'sth', 'shtm');
+$upload_badext = array('php', 'php3', 'php4', 'php5', 'pl', 'cgi', 'py', 'asp', 'cfm', 'js', 'vbs', 'html', 'htm', 'exe', 'bin', 'bat', 'sh', 'dll', 'phps', 'phtml', 'xhtml', 'rb', 'msi', 'jsp', 'shtml', 'sth', 'shtm', '.htaccess');
// list_max_entries_per_page default value = 20
$list_max_entries_per_page = '20';
diff --git a/vtlib/Vtiger/Functions.php b/vtlib/Vtiger/Functions.php
index be26f3d92..b231651c2 100644
--- a/vtlib/Vtiger/Functions.php
+++ b/vtlib/Vtiger/Functions.php
@@ -658,6 +658,15 @@ class Vtiger_Functions {
if (!in_array($filetype, $allowedImageFormats)) {
$saveimage = false;
}
+
+ //Check if the filename starts with the '.' character and it is not accepted those files.
+ if ($saveimage) {
+ $firstCharacter = $file_details['name'][0];
+ $fileExtensionPath = pathinfo($file_details['name'], PATHINFO_EXTENSION);
+ if ($firstCharacter == '.' || !in_array(strtolower($fileExtensionPath), $allowedImageFormats)) {
+ $saveimage = false;
+ }
+ }
//mime type check
if ($saveimage) {
--
GitLab