#30 - Security fix: File extension bypass

app/Controllers/FileManagerController.php

@@ -58,7 +58,7 @@ public function fileupload(){
             if ($this->request->hasFile('up_file')){
 
                 foreach($this->request->up_file as $file){
-                    
+
                     if(!\Security::isExecutable($file)){
                         $images[] = $file->store(str_replace("storage/", "", $this->request->input('dir_path')));
                     }
@@ -224,7 +224,7 @@ public function rename(){
 
         if($this->request->isMethod('POST')){
 
-            $new_file = $this->request->input('new_file');
+            $new_file = trim($this->request->input('new_file'),"/");
 
             if(!\Security::isExecutable($new_file) && \Storage::move($this->request->input('old_file'), $new_file)){
                 if($this->request->ajax()){

app/Helpers/Security.php

@@ -3,7 +3,7 @@
 class Security{
 
     public static function vulnerableExtensions(){
-        return '/^.*\.('.implode('|',["php","php5","php7","phar","phtml"]).')$/i';
+        return '/^.*\.('.implode('|',["php","php5","php7","phar","phtml","htaccess"]).')$/i';
     }
 
     public static function isExecutable($file){

composer.json

@@ -11,7 +11,7 @@
         "composer/semver": "*",
         "visualappeal/php-auto-update" : "0.14.0",
         "madnest/madzipper"  : "*",
-        "wikimedia/composer-merge-plugin": "dev-composer20",
+        "wikimedia/composer-merge-plugin": "2.x-dev",
         "jackiedo/log-reader": "*",
         "intervention/image": "*",
         "laravel/helpers": "*",