dont allow jar or php file uploads

ctf0 · ctf0 · commit c1f98afa49b1 · 2017-08-04T03:57:02.000+02:00
diff --git a/src/Controllers/MediaController.php b/src/Controllers/MediaController.php
@@ -16,7 +16,7 @@ class MediaController extends Controller
     private $fileChars;
     private $folderChars;
     private $sanitizedText;
-    private $framework;
+    private $fw;
 
     public function __construct()
     {
@@ -26,7 +26,7 @@ public function __construct()
         $this->fileChars     = config('mediaManager.allowed_fileNames_chars');
         $this->folderChars   = config('mediaManager.allowed_folderNames_chars');
         $this->sanitizedText = config('mediaManager.sanitized_text');
-        $this->framework     = config('mediaManager.framework');
+        $this->fw            = config('mediaManager.framework');
     }
 
     /**
@@ -36,7 +36,7 @@ public function __construct()
      */
     public function index()
     {
-        return view("MediaManager::{$this->framework}.media");
+        return view("MediaManager::{$this->fw}.media");
     }
 
     /**
@@ -54,8 +54,14 @@ public function upload(Request $request)
         foreach ($request->file as $one) {
             $file_name   = $one->getClientOriginalName();
             $destination = "$upload_path/{$this->cleanName($file_name)}";
+            $file_type   = $one->getMimeType();
 
             try {
+                // stop if "php" or "jar"
+                if (strpos($file_type, "php") || strpos($file_type, "jar")) {
+                    throw new Exception(trans('MediaManager::messages.not_allowed_file_ext', ['attr'=>$file_type]));
+                }
+
                 // check existence
                 if ($this->storageDisk->exists($destination)) {
                     throw new Exception(trans('MediaManager::messages.error_may_exist'));
diff --git a/src/dist/style.c769d7bc24e95f980d5d13b4d8819bdb.css b/src/dist/style.c769d7bc24e95f980d5d13b4d8819bdb.css
diff --git a/src/resources/assets/sass/shared-styles.scss b/src/resources/assets/sass/shared-styles.scss
@@ -59,7 +59,7 @@ $blue_2: #276cda;
     justify-content: space-between;
     .breadcrumb {
         background: none;
-        margin-bottom: 0;
+        margin-bottom: 0 !important;
         padding: 0;
         border-radius: 0;
         list-style: none;
diff --git a/src/resources/lang/en/messages.php b/src/resources/lang/en/messages.php
@@ -33,4 +33,5 @@
     'too_many_files'         => 'Too Many Files...',
     'url'                    => 'URL',
     'upload'                 => 'Upload',
+    'not_allowed_file_ext'   => 'Files Of Type ":attr" Are Not Allowed',
 ];
