[Asset] do not allow PHAR upload

pimcore · Mar 19, 2019 · 6ee5d85 · 6ee5d85
1 parent 732f164
commit 6ee5d85
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/models/Asset.php b/models/Asset.php
@@ -619,7 +619,7 @@ public function correctPath()
         }
 
         // do not allow PHP and .htaccess files
-        if (preg_match("@\.ph(p[\d+]?|t|tml|ps)$@i", $this->getFilename()) || $this->getFilename() == '.htaccess') {
+        if (preg_match("@\.ph(p[\d+]?|t|tml|ps|ar)$@i", $this->getFilename()) || $this->getFilename() == '.htaccess') {
             $this->setFilename($this->getFilename() . '.txt');
         }