Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use regular expressions for files to hide and upload extensions #23

Open
afritsch opened this issue Sep 26, 2015 · 1 comment
Open

Use regular expressions for files to hide and upload extensions #23

afritsch opened this issue Sep 26, 2015 · 1 comment

Comments

@afritsch
Copy link

I am no pro with regexes but this is what I came up with for starters:
For files to hide: [iI][nN][dD][eE][xX]\.([hH][tT][mM][lL]?|[pP][hH][pP])|\..*
This should catch ANY hidden files/folders and files named index.php or index.htm(l). This should also be easily expandable to catch other potentially malicious extensions/scripts (perl, sh, ruby etc).

I would suggest to also use regexes for upload_reject_extension and hidden_dirs and maybe others I didn't consider.

Tested on http://rubular.com/ with teststring

.test/
.htpasswd
.htaccess
index.html
index.php
index.htm
@Indigo744
Copy link

Not exactly what you needed, but I have made a PR with a wildcard option: #48

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@afritsch @Indigo744