Prevent uploading .phps files

Cockpit-HQ · Aug 6, 2023 · 800c05f · 800c05f
1 parent 6529932
commit 800c05f
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Release Notes
 
+## WIP
+
+- Prevent uploading .phps files
+
 ## 2.6.2 (2023-07-31)
 
 - Add video frame preview (assets manager)

diff --git a/modules/Assets/bootstrap.php b/modules/Assets/bootstrap.php
@@ -78,7 +78,7 @@
                 $_sizeAllowed = $max_size ? filesize($files['tmp_name'][$i]) < $max_size : true;
 
                 // prevent uploading php files
-                if ($_isAllowed && in_array(strtolower(pathinfo($_file, PATHINFO_EXTENSION)), ['php', 'phar', 'phtml'])) {
+                if ($_isAllowed && in_array(strtolower(pathinfo($_file, PATHINFO_EXTENSION)), ['php', 'phar', 'phtml', 'phps'])) {
                     $_isAllowed = false;
                 }