From f52a8ce8017155a5212c2ea1c9c80a49be872238 Mon Sep 17 00:00:00 2001
From: appu <apparao@vtiger.com>
Date: Tue, 7 Nov 2023 11:38:42 +0530
Subject: [PATCH] #1790::logo upload vulnerability in vtiger 7.5 and possibly
 8.0

---
 data/CRMEntity.php            | 8 ++++----
 include/Webservices/Utils.php | 2 +-
 modules/Users/Users.php       | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/data/CRMEntity.php b/data/CRMEntity.php
index 3a096d823..472ca4710 100644
--- a/data/CRMEntity.php
+++ b/data/CRMEntity.php
@@ -177,7 +177,7 @@ class CRMEntity {
 		}
 
 		// Check 1
-		$save_file = 'true';
+		$save_file = true;
 		//only images are allowed for Image Attachmenttype
 		$mimeType = vtlib_mime_content_type($file_details['tmp_name']);
 		$mimeTypeContents = explode('/', $mimeType);
@@ -186,12 +186,12 @@ class CRMEntity {
 			$save_file = validateImageFile($file_details);
 		}
                 $log->debug("File Validation status in Check1 save_file => $save_file");
-		if ($save_file == 'false') {
+		if (!$save_file) {
 			return false;
 		}
 
 		// Check 2
-		$save_file = 'true';
+		$save_file = true;
 		//only images are allowed for these modules
 		if ($module == 'Contacts' || $module == 'Products') {
 			$save_file = validateImageFile($file_details);
@@ -213,7 +213,7 @@ class CRMEntity {
 		$upload_status = copy($filetmp_name, $upload_file_path . $current_id . "_" . $encryptFileName);
 		// temporary file will be deleted at the end of request
                 $log->debug("Upload status of file => $upload_status");
-		if ($save_file == 'true' && $upload_status == 'true') {
+		if ($save_file && $upload_status == 'true') {
 			if($attachmentType != 'Image' && $this->mode == 'edit') {
 				//Only one Attachment per entity delete previous attachments
 				$res = $adb->pquery('SELECT vtiger_seattachmentsrel.attachmentsid FROM vtiger_seattachmentsrel 
diff --git a/include/Webservices/Utils.php b/include/Webservices/Utils.php
index 720e2c5f5..273196a50 100644
--- a/include/Webservices/Utils.php
+++ b/include/Webservices/Utils.php
@@ -482,7 +482,7 @@ function vtws_CreateCompanyLogoFile($fieldname) {
         $uploaddir = $root_directory ."/test/logo/";
         $binFile = $_FILES[$fieldname]['name'];
         $saveLogo = validateImageFile($_FILES[$fieldname]);
-        if($saveLogo == 'true') {
+        if($saveLogo) {
             move_uploaded_file($_FILES[$fieldname]["tmp_name"], $uploaddir.$binFile);
             copy($uploaddir.$binFile, $uploaddir.'application.ico');
             return $binFile;
diff --git a/modules/Users/Users.php b/modules/Users/Users.php
index 21867f42c..8149093b2 100755
--- a/modules/Users/Users.php
+++ b/modules/Users/Users.php
@@ -1042,12 +1042,12 @@ class Users extends CRMEntity {
 		if(!isset($ownerid) || $ownerid=='')
 			$ownerid = $current_user->id;
 
-		$save_file = 'true';
+		$save_file =  true;
 		//only images are allowed for these modules
 		if($module == 'Users') {
 			$save_file = validateImageFile($file_details);
 		}
-		if ($save_file == 'false') {
+		if (!$save_file) {
 			return;
 		}
 
-- 
GitLab