FIX vulnerability reported by wizlynx WLX-2020-012

Laurent Destailleur 2020-06-17 13:42:38 +02:00
parent fdbb6debc9
commit 23df5596e8


@ -8562,15 +8562,18 @@ function dolGetButtonTitle($label, $helpText = '', $iconClass = 'fa fa-file', $u
/**
* Return if a file can contains executable content
*
* @param string $filename File NamedRange
* @param string $filename File name to test
* @return boolean True if yes, False if no
*/
function isAFileWithExecutableContent($filename)
{
if (preg_match('/\.(htm|html|js|php|php\d+|phtml|pl|py|cgi|ksh|sh|bash|bat|cmd|wpk|exe|dmg)$/i', $filename))
if (preg_match('/\.(htm|html|js|phar|php|php\d+|phtml|pht|pl|py|cgi|ksh|sh|shtml|bash|bat|cmd|wpk|exe|dmg)$/i', $filename))
{
return true;
}
if (preg_match('/^\./', $filename)) { // We consider file starting with a . as dangerous as executable files. For example .htaccess, .xxx
return true;
}
return false;
}
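Review bot: The added dot-file check `preg_match('/^\./', $filename)` is anchored to the start of the whole string, so it only catches `.htaccess`-style names when callers pass a bare file name; a value that still carries a directory prefix would not match. Nothing in this hunk shows which form callers pass, so either test the base name, `if (preg_match('/^\./', basename($filename))) {`, or state in the docblock that `$filename` must be a base name without a path. The extension pattern is likewise anchored with `$` to the final suffix only, so it is worth confirming that upload callers trim and sanitize the name before this check and that the web server does not map handlers on non-final extensions. This is a deny-list that has to be extended each time another interpreted extension turns up, as this commit does; an allow-list of accepted upload types at the call site would be the more durable control.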