From 29efb498233c8910219ffbba07c6bf6cb73326e4 Mon Sep 17 00:00:00 2001 From: s26kkk <208790162+s26kkk@users.noreply.github.com> Date: Sun, 5 Jul 2026 15:34:01 +0200 Subject: [PATCH] Security: Prevent arbitrary file write in editENV method - Added protection against malicious content (PHP tags, eval, system, etc.) - Added size limit - Improved error handling --- app/Http/Controllers/AdminController.php | 35 ++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/app/Http/Controllers/AdminController.php b/app/Http/Controllers/AdminController.php index 8dc6874d9..01ff95e41 100755 --- a/app/Http/Controllers/AdminController.php +++ b/app/Http/Controllers/AdminController.php @@ -571,11 +571,42 @@ public function editAC(request $request) //Saves .env config public function editENV(request $request) { + // Protect against malicious env content $config = $request->altConfig; - file_put_contents(".env", $config); + if (empty($config)) { + return back()->with("error", "The configuration is empty."); + } + + // Reject obviously unsafe content + if ( + str_contains($config, "with( + "error", + "This configuration contains disallowed content for security reasons.", + ); + } + + // Optional: enforce a size limit + if (strlen($config) > 10000) { + return back()->with("error", "The configuration is too large."); + } + + file_put_contents(base_path('.env'), $config); + + // Clear cached configuration + try { + \Artisan::call('config:clear'); + \Artisan::call('cache:clear'); + } catch (\Exception $e) { + } - return Redirect("/admin/config?alternative-config"); + return redirect("/admin/config?alternative-config") + ->with("success", "Configuration updated successfully."); } //Shows config file editor page