Unresolved conversations (1)
@JarJak JarJak Apr 5, 2019
However `.pHp` will still pass this firewall. `strtolower` should be done while checking extensions, not while building the list (maybe change it in separate PR?)
Outdated
src/Config.php
JarJak bobdenotter
Resolved conversations (9)
@JarJak JarJak Apr 11, 2019
Specify exactly which are not accepted, "like php" is not enough.
Outdated
app/config/config.yml.dist
bobdenotter
@JarJak JarJak Apr 11, 2019
Outdated comment
Outdated
src/Config.php
bobdenotter
@JarJak JarJak Apr 5, 2019
else return null
src/Config.php
@xiaohutai xiaohutai Apr 4, 2019
`out` -> `the`

```diff
-// To remove unacceptable / unwanted extensions from out list of Acceptable File Types
+// To remove unacceptable / unwanted extensions from the list of Acceptable File Types
```
Outdated
src/Config.php
bobdenotter
@Nitpick-CI Nitpick-CI Apr 4, 2019
Expected 1 space after FUNCTION keyword; 0 found
Outdated
src/Config.php
@Nitpick-CI Nitpick-CI Apr 4, 2019
Expected 1 space after FUNCTION keyword; 0 found
Outdated
src/Config.php
@JarJak JarJak Apr 4, 2019
Say yes to these and no to any others
Outdated
src/Config.php
bobdenotter JarJak
xiaohutai
@JarJak JarJak Apr 4, 2019
use collection (bolt has one)
Outdated
src/Config.php
bobdenotter JarJak
@xiaohutai xiaohutai Apr 4, 2019
1. Isn't it more transparent if there's only an opt-in whitelist via `accept_file_types` in `config.yml`? Now there's a hard-coded blacklist in code, and it's not really apparent that it exists. If you really need these values I'd prefer defining these in `config.yml` too. But I don't see the point since a whitelist is most likely sufficient already. If users do want to add `php`, isn't it really their fault/problem for opening the gates?

2. I prefer array declarations to be like this:

```
[
    'sh',
    'asp',
    'cgi',
    'php',
    'php3',
    'ph3',
    'php4',
    'ph4',
    'php5',
    'ph5',
    'phtm',
    'phtml',
]
```

(one per line, with trailing comma). Otherwise, there's a space/comma inconsistency at `'ph5' ,`:

```diff
-'ph5' ,'phtm',
+'ph5', 'phtm',
```
Outdated
src/Config.php
xiaohutai bobdenotter
JarJak
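As an added example (not Bolt's code, and not the diff under review in this PR), the following PHP puts the two review points above together: the whitelist comes from `accept_file_types` in `config.yml` and the deny list quoted in the thread is stripped from it while the list is built, while the uploaded filename's extension is lowercased at check time, which is the fix JarJak asks for so that `.pHp` no longer slips past a check that only normalised the configured list. The function names, the sample configuration and the sample filenames are assumptions made for this example.

```php
<?php
// Added example, not Bolt's own code. Function names, the sample config and the
// sample filenames are assumptions; the deny list is the one quoted in the review.
declare(strict_types=1);

/** Extensions that are never accepted, regardless of what config.yml whitelists. */
const NEVER_ACCEPTED = [
    'sh', 'asp', 'cgi', 'php', 'php3', 'ph3',
    'php4', 'ph4', 'php5', 'ph5', 'phtm', 'phtml',
];

/**
 * Build the effective whitelist from the configured `accept_file_types` values:
 * normalise each entry (trim, drop a leading dot, lowercase) and remove anything
 * on the deny list. Normalising here is what makes a config entry like '.pHp'
 * match the deny-listed 'php'.
 */
function buildAcceptList(array $configured): array
{
    $accepted = [];
    foreach ($configured as $ext) {
        $ext = strtolower(ltrim(trim($ext), '.'));
        if ($ext !== '' && !in_array($ext, NEVER_ACCEPTED, true)) {
            $accepted[$ext] = true; // keyed to de-duplicate entries
        }
    }
    return array_keys($accepted);
}

/**
 * Check an uploaded filename against the effective whitelist. The extension is
 * lowercased at check time, so 'shell.pHp' compares as 'php' and is rejected
 * even though the configured list was already lowercased.
 */
function isAcceptableFilename(string $filename, array $acceptList): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if ($ext === '') {
        return false; // nothing to match against the whitelist: reject
    }
    return in_array($ext, $acceptList, true);
}

// Constructed sample config: mixed case and a deny-listed entry on purpose.
$configured = ['jpg', 'PNG', 'pdf', 'php', '.pHp'];
$acceptList = buildAcceptList($configured); // ['jpg', 'png', 'pdf']

// Constructed sample filenames.
foreach (['photo.JPG', 'shell.pHp', 'shell.PHTML', 'report.pdf', 'noext'] as $name) {
    printf("%-12s %s\n", $name, isAcceptableFilename($name, $acceptList) ? 'accept' : 'reject');
}
```

The check compares the lowercased extension against a list that was lowercased when built, so the two normalisations cannot drift apart; if only the configured list is lowercased, as the review comment describes, a request with an upper-cased extension is compared against lower-cased entries and the deny list never fires.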