From be6ad20aaa6ecef36a565da1293893651350252e Mon Sep 17 00:00:00 2001
From: root <you@example.com>
Date: Tue, 19 Mar 2024 14:23:13 +0530
Subject: [PATCH] #Fixes::158429927::Chaitanya N::Unrestricted file upload in
 company logo(htaccess) is fixed

---
 modules/Migration/schema/800_to_810.php | 33 +++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 modules/Migration/schema/800_to_810.php

diff --git a/modules/Migration/schema/800_to_810.php b/modules/Migration/schema/800_to_810.php
new file mode 100644
index 000000000..c9bf4d9e8
--- /dev/null
+++ b/modules/Migration/schema/800_to_810.php
@@ -0,0 +1,33 @@
+<?php
+/*+********************************************************************************
+ * The contents of this file are subject to the vtiger CRM Public License Version 1.0
+ * ("License"); You may not use this file except in compliance with the License
+ * The Original Code is: vtiger CRM Open Source
+ * The Initial Developer of the Original Code is vtiger.
+ * Portions created by vtiger are Copyright (C) vtiger.
+ * All Rights Reserved.
+ *********************************************************************************/
+
+if (defined('VTIGER_UPGRADE')) {
+	
+	//updating the config file
+	$fileName = 'config.inc.php';
+	if (file_exists($fileName)) {
+		// Read the contents of the file
+		$completeData = file_get_contents('config.inc.php');
+		$pattern = "/upload_badext\s*=+\s*array\(?...+\);/i";
+
+		if (preg_match($pattern, $completeData, $matches)) {
+			$arrayString = $matches[0];
+			$content = '/htaccess/i';
+
+			if (!preg_match($content, $arrayString)) {
+				$updateStringPattern = "/upload_badext\s*=+\s*array\(?...+'/i";
+				preg_match($updateStringPattern,$completeData,$matches);
+				$updatedContent = preg_replace($updateStringPattern, "$matches[0],'htaccess'", $completeData);
+				//Put the new contents into the file
+				file_put_contents($fileName, $updatedContent);
+			}
+		}
+	}
+}
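Review bot: The write at `file_put_contents($fileName, $updatedContent)` is unguarded: `preg_replace` returns `null` on a PCRE error, which would truncate `config.inc.php`. When `$updateStringPattern` does not match (for example a double-quoted list), `$matches[0]` is undefined and the file is rewritten unchanged, with no sign that `htaccess` was never added. The same silent outcome applies when the outer `$pattern` misses, e.g. a multi-line or `[...]` definition of `upload_badext`, so an upgraded install can keep accepting `.htaccess` uploads. I would do the substitution in one call with a capture group and a match count, write only after exactly one successful replacement, and log otherwise. The capture group also stops any `$n` or `\n` sequence inside the matched text from being read as a backreference, which building the replacement from `$matches[0]` allows.

```php
			if (!preg_match($content, $arrayString)) {
				// Capture the list up to its last quote so the matched text is never parsed as a replacement template.
				$updateStringPattern = "/(upload_badext\s*=+\s*array\(?...+')/i";
				$updatedContent = preg_replace($updateStringPattern, '${1},\'htaccess\'', $completeData, 1, $count);
				// Write only when exactly one substitution succeeded; a null result must never reach the config file.
				if (is_string($updatedContent) && $count === 1) {
					file_put_contents($fileName, $updatedContent, LOCK_EX);
				} else {
					error_log('800_to_810: upload_badext not updated; add htaccess to config.inc.php manually');
				}
			}
```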
-- 
GitLab