From ebbe1f275be5c328368f458212d3e71a6b8ede44 Mon Sep 17 00:00:00 2001
From: Bas S <github@bas.steelooper.com>
Date: Thu, 25 Apr 2019 09:27:35 +0200
Subject: [PATCH] Block htaccess upload

---
 data/inc/files.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/inc/files.php b/data/inc/files.php
index d7c9739b..a2436528 100755
--- a/data/inc/files.php
+++ b/data/inc/files.php
@@ -38,7 +38,7 @@
 			$lastfour = strtolower(substr(latinOnlyInput($_FILES['filefile']['name']), -4));
 			$lastfive = strtolower(substr(latinOnlyInput($_FILES['filefile']['name']), -5));
 			$blockedExtentions = array('.php','php3','php4','php5','php6','php7','phtml');
-			if (in_array($lastfour, $blockedExtentions) or in_array($lastfive, $blockedExtentions) ){
+			if (in_array($lastfour, $blockedExtentions) or in_array($lastfive, $blockedExtentions)  or in_array($lastfive, '.htaccess') ){
 				if (!rename('files/'.latinOnlyInput($_FILES['filefile']['name']), 'files/'.latinOnlyInput($_FILES['filefile']['name']).'.txt')){
 					show_error($lang['general']['upload_failed'], 1);
 				}