Add security fix.

concretecms · Oct 2, 2021 · 8b3ea9c · 8b3ea9c
1 parent e8f2676
commit 8b3ea9c
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/controllers/backend/file.php b/controllers/backend/file.php
@@ -762,6 +762,14 @@ protected function downloadRemoteURL($url, $temporaryDirectory)
                 throw new UserMessageException(t(/*i18n: %s is an URL*/'Could not determine the name of the file at %s', $url));
             }
         }
+
+        $fileValidationService = $this->app->make('helper/validation/file');
+
+        if (!$fileValidationService->extension($filename)) {
+            $fileHelper = $this->app->make('helper/file');
+            throw new UserMessageException(t('The file extension "%s" is not valid.', $fileHelper->getExtension($filename)));
+        }
+
         $fullFilename = $temporaryDirectory . '/' . $filename;
         // write the downloaded file to a temporary location on disk
         $handle = fopen($fullFilename, 'wb');