Skip to content
Snippets Groups Projects

Fixes: Unrestricted(.htaccess) file upload in company logo issue is fixed

Merged Fixes: Unrestricted(.htaccess) file upload in company logo issue is fixed
chaitanya/vtigercrm:158429927 into master
Merged chaitanya requested to merge chaitanya/vtigercrm:158429927 into master
Compare
and
2 files
+ 10
1
Compare changes
  • Side-by-side
  • Inline
Files
2
vtlib/Vtiger/Functions.php
+ 9
0
@@ -658,6 +658,15 @@ class Vtiger_Functions {
if (!in_array($filetype, $allowedImageFormats)) {
$saveimage = false;
}
//Check if the filename starts with the '.' character and it is not accepted those files.
if ($saveimage) {
$firstCharacter = $file_details['name'][0];
$fileExtensionPath = pathinfo($file_details['name'], PATHINFO_EXTENSION);
if ($firstCharacter == '.' || !in_array(strtolower($fileExtensionPath), $allowedImageFormats)) {
$saveimage = false;
}
}
//mime type check
if ($saveimage) {

Copyright 2023 Vtiger. All rights reserved.