From 6ee5d8536d0802e377594cbe39083e822710aab9 Mon Sep 17 00:00:00 2001
From: Bernhard Rusch <bernhard.rusch@elements.at>
Date: Tue, 19 Mar 2019 14:59:24 +0100
Subject: [PATCH] [Asset] do not allow PHAR upload

---
 models/Asset.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/models/Asset.php b/models/Asset.php
index 4d28af150f2..c8fe1004ce9 100644
--- a/models/Asset.php
+++ b/models/Asset.php
@@ -619,7 +619,7 @@ public function correctPath()
         }
 
         // do not allow PHP and .htaccess files
-        if (preg_match("@\.ph(p[\d+]?|t|tml|ps)$@i", $this->getFilename()) || $this->getFilename() == '.htaccess') {
+        if (preg_match("@\.ph(p[\d+]?|t|tml|ps|ar)$@i", $this->getFilename()) || $this->getFilename() == '.htaccess') {
             $this->setFilename($this->getFilename() . '.txt');
         }