From 0e60685d3c829580ebb61d50bbd350f64e877f36 Mon Sep 17 00:00:00 2001
From: Uma <uma.s@vtiger.com>
Date: Wed, 11 Nov 2015 09:43:15 +0000
Subject: [PATCH] Merge changes with master branch
---
 modules/Settings/Vtiger/actions/CompanyDetailsSave.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/modules/Settings/Vtiger/actions/CompanyDetailsSave.php b/modules/Settings/Vtiger/actions/CompanyDetailsSave.php
index 44590496d..05901a11e 100644
--- a/modules/Settings/Vtiger/actions/CompanyDetailsSave.php
+++ b/modules/Settings/Vtiger/actions/CompanyDetailsSave.php
@@ -49,6 +49,12 @@ class Settings_Vtiger_CompanyDetailsSave_Action extends Settings_Vtiger_Basic_Ac
 $saveLogo = false;
 }
+ //mime type check
+ $mimeType = vtlib_mime_content_type($logoDetails['tmp_name']);
+ $mimeTypeContents = explode('/', $mimeType);
+ if (!$logoDetails['size'] || $mimeTypeContents[0] != 'image' || !in_array($mimeTypeContents[1], Settings_Vtiger_CompanyDetails_Model::$logoSupportedFormats)) {
+ $saveLogo = false;
+ }
 // Check for php code injection
 $imageContents = file_get_contents($logoDetails["tmp_name"]);
 if (preg_match('/(<\?php?(.*?))/i', $imageContents) == 1) {
-- GitLab
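Review bot: The added MIME check reads `$mimeTypeContents[1]` without first confirming that `vtlib_mime_content_type()` returned a `type/subtype` string, and it tests the subtype with a loose `in_array`. When detection fails or returns a value without a slash, the upload is rejected only through an undefined-index notice and type juggling, not through an explicit test. I would spell the rejection out, assuming `$logoSupportedFormats` holds strings: `if (!$logoDetails['size'] || count($mimeTypeContents) !== 2 || $mimeTypeContents[0] !== 'image' || !in_array($mimeTypeContents[1], Settings_Vtiger_CompanyDetails_Model::$logoSupportedFormats, true)) {`. The detected type presumably comes from the file's content, so it says nothing about the name or extension under which the logo is stored; that validation, like the start and end of the enclosing method, lies outside this hunk and should be confirmed. The comment `//mime type check` could state the rule instead, e.g. `// Reject uploads whose detected MIME type is not image/<supported format>`.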