Unrestricted php file upload fix (#681)

https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db/
2025-10-29 12:41:10 -04:00 · 2021-12-29 13:33:20 +01:00
parent c9d0a63854
commit cdc913d16c
7 changed files with 176 additions and 8 deletions
--- a/app/Http/Requests/ExpenseRequest.php
+++ b/app/Http/Requests/ExpenseRequest.php
@ -51,6 +51,12 @@ class ExpenseRequest extends FormRequest
            'currency_id' => [
                'required'
            ],
+            'attachment_receipt' => [
+                'nullable',
+                'file',
+                'mimes:jpg,png,pdf,doc,docx,xls,xlsx,ppt,pptx',
+                'max:20000'
+            ]
        ];

        if ($companyCurrency && $this->currency_id) {