Add .phar to blocked PHP extensions (#39666)

By default Debian includes support for executing .phar files alongside .php and .phtml files, and should be included in the blocked list.
laravel · Nov 18, 2021 · ccea1bf · ccea1bf
1 parent 5168f85
commit ccea1bf
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/Illuminate/Validation/Concerns/ValidatesAttributes.php b/src/Illuminate/Validation/Concerns/ValidatesAttributes.php
@@ -1329,7 +1329,7 @@ protected function shouldBlockPhpUpload($value, $parameters)
         }
 
         $phpExtensions = [
-            'php', 'php3', 'php4', 'php5', 'phtml',
+            'php', 'php3', 'php4', 'php5', 'phtml', 'phar',
         ];
 
         return ($value instanceof UploadedFile)