Prevent overwriting of encrypted files

joedixon · joedixon · commit befdd4f95a24 · 2022-09-07T17:26:34.000+01:00
diff --git a/src/Illuminate/Foundation/Console/EnvironmentDecryptCommand.php b/src/Illuminate/Foundation/Console/EnvironmentDecryptCommand.php
@@ -80,6 +80,12 @@ public function handle()
         $encryptedFile = $environmentFile.'.encrypted';
         $filename = $this->option('filename') ? base_path($this->option('filename')) : $environmentFile;
 
+        if (Str::endsWith($filename, '.encrypted')) {
+            $this->components->error('Invalid filename.');
+
+            return Command::FAILURE;
+        }
+
         if (! $this->files->exists($encryptedFile)) {
             $this->components->error('Encrypted environment file not found.');
 
diff --git a/tests/Integration/Console/EnvironmentDecryptCommandTest.php b/tests/Integration/Console/EnvironmentDecryptCommandTest.php
@@ -225,4 +225,15 @@ public function testItWritesTheEnvironmentFileCustomFilename()
         $this->filesystem->shouldHaveReceived('put')
             ->with(base_path('.env'), 'APP_NAME="Laravel Two"');
     }
+
+    public function testItCannotOverwriteEncryptedFiles()
+    {
+        $this->artisan('env:decrypt', ['--env' => 'production', '--key' => 'abcdefghijklmnop', '--filename' => '.env.production.encrypted'])
+            ->expectsOutputToContain('Invalid filename.')
+            ->assertExitCode(1);
+
+        $this->artisan('env:decrypt', ['--env' => 'production', '--key' => 'abcdefghijklmnop', '--filename' => '.env.staging.encrypted'])
+            ->expectsOutputToContain('Invalid filename.')
+            ->assertExitCode(1);
+    }
 }
