From 9ced2b59466929c73c7a3d03f8f6048493a8e60a Mon Sep 17 00:00:00 2001
From: root <you@example.com>
Date: Mon, 29 Apr 2024 11:48:09 +0530
Subject: [PATCH] Fixes: Unrestricted(.htaccess) file upload in company logo
 issue is fixed

---
 modules/Migration/schema/810_to_820.php | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/modules/Migration/schema/810_to_820.php b/modules/Migration/schema/810_to_820.php
index d0315444b..73ad5bad4 100644
--- a/modules/Migration/schema/810_to_820.php
+++ b/modules/Migration/schema/810_to_820.php
@@ -41,4 +41,25 @@ if (defined('VTIGER_UPGRADE')) {
     $db->pquery('ALTER TABLE vtiger_purchaseorder MODIFY s_h_percent DECIMAL(25,3)', array());
     $db->pquery('ALTER TABLE vtiger_quotes MODIFY s_h_percent DECIMAL(25,3)', array());
 
-}
+	// START - Adding htaccess to upload_badext array in config file.
+	// Updating the config file
+	$fileName = 'config.inc.php';
+	if (file_exists($fileName)) {
+		// Read the contents of the file
+		$completeData = file_get_contents('config.inc.php');
+		$pattern = "/upload_badext\s*=+\s*array\(?...+\);/i";
+		
+		if (preg_match($pattern, $completeData, $matches)) {
+			$arrayString = $matches[0];
+			$content = '/htaccess/i';
+			if (!preg_match($content, $arrayString)) {
+				$updateStringPattern = "/upload_badext\s*=+\s*array\(?...+'/i";
+				preg_match($updateStringPattern,$completeData,$matches);
+				$updatedContent = preg_replace($updateStringPattern, "$matches[0],'htaccess'", $completeData);
+				// Put the new contents into the file
+				file_put_contents($fileName, $updatedContent);
+			}
+		}
+	}
+	//END
+}
\ No newline at end of file
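Review bot: The added config rewrite can leave `upload_badext` unchanged without any signal, so an upgraded install may still accept `.htaccess` uploads while the migration looks successful. In `$pattern` and `$updateStringPattern` the `.` does not match a newline, so an array written across several lines is never matched, and the result of `file_put_contents()` is not checked when `config.inc.php` is read-only. The greedy `...+'` also anchors on the last quote of the line, and the matched text is reused as the replacement string, where any `$n` or `\n` sequence would be read as a back-reference. I would do the edit in one callback-based replacement that tolerates line breaks, check the write, and raise a warning when the entry could not be added, as sketched below. The enclosing `if (defined('VTIGER_UPGRADE'))` block starts outside this hunk.

```php
	// … unchanged: ALTER TABLE statements …
	$fileName = 'config.inc.php';
	$completeData = is_writable($fileName) ? file_get_contents($fileName) : false;
	$count = 0;
	if ($completeData !== false) {
		// [^;]* also spans line breaks, so a multi-line array( ... ); is handled
		$pattern = '/(upload_badext\s*=\s*array\s*\()([^;]*?)(\)\s*;)/i';
		$updatedContent = preg_replace_callback($pattern, function ($m) {
			if (stripos($m[2], 'htaccess') !== false) {
				return $m[0]; // already listed
			}
			$items = rtrim($m[2], ", \t\r\n");
			return $m[1] . ($items === '' ? '' : $items . ', ') . "'htaccess'" . $m[3];
		}, $completeData, 1, $count);
		if ($count === 1 && $updatedContent !== $completeData
				&& file_put_contents($fileName, $updatedContent, LOCK_EX) === false) {
			$count = 0;
		}
	}
	if ($count !== 1) {
		// Make the failure visible so the administrator can fix the denylist by hand
		trigger_error('upload_badext in config.inc.php was not updated; add htaccess manually', E_USER_WARNING);
	}
```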
-- 
GitLab