diff --git a/config.template.php b/config.template.php
index 58806a2f35d3ae94203fa80c92729b60b36fec77..670bd53b7ceb18abb0a7daa264bdadaadc3f61c8 100644
--- a/config.template.php
+++ b/config.template.php
@@ -111,7 +111,7 @@ $allow_exports = 'all';
 
 // files with one of these extensions will have '.txt' appended to their filename on upload
 // upload_badext default value = php, php3, php4, php5, pl, cgi, py, asp, cfm, js, vbs, html, htm
-$upload_badext = array('php', 'php3', 'php4', 'php5', 'pl', 'cgi', 'py', 'asp', 'cfm', 'js', 'vbs', 'html', 'htm', 'exe', 'bin', 'bat', 'sh', 'dll', 'phps', 'phtml', 'xhtml', 'rb', 'msi', 'jsp', 'shtml', 'sth', 'shtm');
+$upload_badext = array('php', 'php3', 'php4', 'php5', 'pl', 'cgi', 'py', 'asp', 'cfm', 'js', 'vbs', 'html', 'htm', 'exe', 'bin', 'bat', 'sh', 'dll', 'phps', 'phtml', 'xhtml', 'rb', 'msi', 'jsp', 'shtml', 'sth', 'shtm', 'htaccess');
 
 // list_max_entries_per_page default value = 20
 $list_max_entries_per_page = '20';
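Review bot: The comment two lines above the changed array still reads "upload_badext default value = php, php3, …, htm", so it now disagrees with the template in two ways: it omits 'htaccess' and the other entries that were already present. Either update it to list the full default (ending `…, 'shtml', 'sth', 'shtm', 'htaccess'`) or shorten it to `// upload_badext default value: see the array below` so it cannot drift again. The block-list is matched elsewhere (not on this page), so whether the comparison is case-insensitive cannot be confirmed here; that is worth checking since `.HTACCESS` would otherwise slip through a case-sensitive compare.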
diff --git a/modules/Migration/schema/810_to_820.php b/modules/Migration/schema/810_to_820.php
index 25e10335cb399608746624edac431f414011e511..8253db9f17d0c528e97b0512431af968a5824a7c 100644
--- a/modules/Migration/schema/810_to_820.php
+++ b/modules/Migration/schema/810_to_820.php
@@ -44,4 +44,25 @@ if (defined('VTIGER_UPGRADE')) {
     // Make hidden mandatory fields optional
     $db->pquery("UPDATE vtiger_field SET typeofdata = replace(typeofdata,'~M','~O') where presence =1 and typeofdata like '%~M%'", array());
 
+	// START - Adding htaccess to upload_badext array in config file.
+	// Updating the config file
+	$fileName = 'config.inc.php';
+	if (file_exists($fileName)) {
+		// Read the contents of the file
+		$completeData = file_get_contents('config.inc.php');
+		$pattern = "/upload_badext\s*=+\s*array\(?...+\);/i";
+		
+		if (preg_match($pattern, $completeData, $matches)) {
+			$arrayString = $matches[0];
+			$content = '/htaccess/i';
+			if (!preg_match($content, $arrayString)) {
+				$updateStringPattern = "/upload_badext\s*=+\s*array\(?...+'/i";
+				preg_match($updateStringPattern,$completeData,$matches);
+				$updatedContent = preg_replace($updateStringPattern, "$matches[0],'htaccess'", $completeData);
+				// Put the new contents into the file
+				file_put_contents($fileName, $updatedContent);
+			}
+		}
+	}
+	//END
 }
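Review bot: The replacement on line 36 interpolates the matched text into preg_replace's replacement argument, where any `$n` or `\n` sequence inside the existing array literal would be reinterpreted as a backreference, and it runs a second preg_match whose result is never checked; if the config uses double-quoted entries the `'`-anchored pattern fails, `$matches` is emptied and the `$matches[0]` access emits a notice while the config is silently left unchanged. Line 27 also reads the literal `'config.inc.php'` instead of `$fileName`, and neither file_get_contents nor file_put_contents has its return value checked, so a partial or failed write of the live config goes unnoticed during the upgrade. A single pattern with a capture group, `$1` in the replacement and a limit of 1 removes the double match and the interpolation hazard; the enclosing `if (defined('VTIGER_UPGRADE'))` block starts outside this hunk.
```php
	$fileName = 'config.inc.php';
	if (file_exists($fileName) && ($completeData = file_get_contents($fileName)) !== false) {
		// Group 1 runs up to the closing quote of the last entry; using $1 in the
		// replacement avoids re-interpreting the matched text as a replacement pattern.
		$pattern = "/(upload_badext\s*=\s*array\(.*')\s*\);/i";
		if (preg_match($pattern, $completeData, $matches) && !preg_match('/htaccess/i', $matches[1])) {
			$updatedContent = preg_replace($pattern, '${1},\'htaccess\');', $completeData, 1);
			if ($updatedContent === null || file_put_contents($fileName, $updatedContent) === false) {
				// TODO(review): report the failure through the upgrade log instead of continuing silently
			}
		}
	}
```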
diff --git a/vtlib/Vtiger/Functions.php b/vtlib/Vtiger/Functions.php
index 047cc46d0fd20c1a901cd3e06d4a144447b91808..e937992e728caa33639cc27f967819c748eb2743 100644
--- a/vtlib/Vtiger/Functions.php
+++ b/vtlib/Vtiger/Functions.php
@@ -658,7 +658,23 @@ class Vtiger_Functions {
         if (!in_array($filetype, $allowedImageFormats)) {
             $saveimage = false;
         }
+		
+		//Checking the path of the file 
+		if ($saveimage) {
+			$fileExtensionPath = pathinfo($file_details['name'], PATHINFO_EXTENSION);
+			if (!in_array(strtolower($fileExtensionPath), $allowedImageFormats)) {
+				$saveimage = false;
+			}
+		}
 
+		//checking the filename has dot character
+		if ($saveimage) {
+			$firstCharacter = $file_details['name'][0];
+			if ($firstCharacter == '.') {
+				$saveimage = false;
+			}
+		}
+		
         //mime type check
         if ($saveimage) {
             $mimeType = mime_content_type($file_details['tmp_name']);
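Review bot: The leading-dot check on line 63 indexes `$file_details['name'][0]` without guarding against an empty name, which emits an "Uninitialized string offset" warning and then passes the check, since `'' == '.'` is false; `if ($file_details['name'] === '' || $file_details['name'][0] === '.')` rejects both cases and also drops the loose `==`. The extension lookup on line 56 should pass `strict: true` to in_array for consistency with a type-safe compare, and if `$file_details['name']` can carry directory components it should be run through `basename()` before both checks so the dot test sees the actual filename. The enclosing method starts and ends outside this hunk, so where `$allowedImageFormats` is defined cannot be confirmed here.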