Block htaccess upload

pluck-cms · Apr 25, 2019 · ebbe1f2 · ebbe1f2
1 parent 892d48a
commit ebbe1f2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/data/inc/files.php b/data/inc/files.php
@@ -38,7 +38,7 @@
 			$lastfour = strtolower(substr(latinOnlyInput($_FILES['filefile']['name']), -4));
 			$lastfive = strtolower(substr(latinOnlyInput($_FILES['filefile']['name']), -5));
 			$blockedExtentions = array('.php','php3','php4','php5','php6','php7','phtml');
-			if (in_array($lastfour, $blockedExtentions) or in_array($lastfive, $blockedExtentions) ){
+			if (in_array($lastfour, $blockedExtentions) or in_array($lastfive, $blockedExtentions)  or in_array($lastfive, '.htaccess') ){
 				if (!rename('files/'.latinOnlyInput($_FILES['filefile']['name']), 'files/'.latinOnlyInput($_FILES['filefile']['name']).'.txt')){
 					show_error($lang['general']['upload_failed'], 1);
 				}