From 8a9ca56f549d5b677500069a8e65814315ad44b1 Mon Sep 17 00:00:00 2001
From: root <you@example.com>
Date: Thu, 11 Apr 2024 10:32:57 +0530
Subject: [PATCH] #Fixes::156999305::Chaitanya N::Vtiger image layout path is
 exposed issue is fixed

---
 modules/Reports/models/ScheduleReports.php        |  2 +-
 modules/Settings/Vtiger/models/CompanyDetails.php |  3 ++-
 modules/Vtiger/models/CompanyDetails.php          |  2 +-
 public.php                                        | 14 ++++++++++++++
 vtlib/Vtiger/Functions.php                        | 12 +++++++++++-
 5 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/modules/Reports/models/ScheduleReports.php b/modules/Reports/models/ScheduleReports.php
index 7326ea354..882cf6755 100644
--- a/modules/Reports/models/ScheduleReports.php
+++ b/modules/Reports/models/ScheduleReports.php
@@ -341,7 +341,7 @@ class Reports_ScheduleReports_Model extends Vtiger_Base_Model {
 		$site_URL = vglobal('site_URL');
 		$currentModule = vglobal('currentModule');
 		$companydetails = getCompanyDetails();
-		$logo = $site_URL.'/test/logo/'.$companydetails['logoname'];
+		$logo = Vtiger_Functions::getLogoPublicURL($companydetails['logoname']);
 
 		$body = '<table width="700" cellspacing="0" cellpadding="0" border="0" align="center" style="font-family: Arial,Helvetica,sans-serif; font-size: 12px; font-weight: normal; text-decoration: none; ">
 			<tr>
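Review bot: The new `$logo` on the `+` line is a site-relative value (`public.php?type=logo&key=…`), whereas the removed line prefixed `$site_URL`; if `$logo` is embedded in the mail `$body` built just below, a relative URL will not resolve in the recipient's mail client. Keep the absolute form, e.g. `$logo = $site_URL.'/'.Vtiger_Functions::getLogoPublicURL($companydetails['logoname']);`. If `$site_URL` is not used further down, the assignment on the first context line becomes dead otherwise. The enclosing method begins and ends outside this hunk.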
diff --git a/modules/Settings/Vtiger/models/CompanyDetails.php b/modules/Settings/Vtiger/models/CompanyDetails.php
index c9bb0cf06..d6e507acb 100644
--- a/modules/Settings/Vtiger/models/CompanyDetails.php
+++ b/modules/Settings/Vtiger/models/CompanyDetails.php
@@ -93,11 +93,12 @@ class Settings_Vtiger_CompanyDetails_Model extends Settings_Vtiger_Module_Model
 		$logoPath = $this->logoPath;
 		$handler = @opendir($logoPath);
 		$logoName = decode_html($this->get('logoname'));
+		$logoPath = Vtiger_Functions::getLogoPublicURL($logoName);
 		if ($logoName && $handler) {
 			while ($file = readdir($handler)) {
 				if($logoName === $file && in_array(str_replace('.', '', strtolower(substr($file, -4))), self::$logoSupportedFormats) && $file != "." && $file!= "..") {
 					closedir($handler);
-					return $logoPath.$logoName;
+					return $logoPath;
 				}
 			}
 		}
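Review bot: The added line reassigns `$logoPath` to the public URL right after the same variable was used as the directory argument to `opendir()`, so one name holds a filesystem path and then a URL within a few lines; that is easy to misread and will bite the next person who needs the directory below this point. Use a distinct name, `$logoUrl = Vtiger_Functions::getLogoPublicURL($logoName);` and `return $logoUrl;`. The method begins and ends outside this hunk, so I cannot see whether `$logoPath` is needed later in it.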
diff --git a/modules/Vtiger/models/CompanyDetails.php b/modules/Vtiger/models/CompanyDetails.php
index 85ef0ad61..4a270fc88 100644
--- a/modules/Vtiger/models/CompanyDetails.php
+++ b/modules/Vtiger/models/CompanyDetails.php
@@ -22,7 +22,7 @@ class Vtiger_CompanyDetails_Model extends Vtiger_Base_Model {
 		$logoModel = new Vtiger_Image_Model();
 		if(!empty($logoName)) {
 			$companyLogo = array();
-			$companyLogo['imagepath'] = "test/logo/$logoName";
+			$companyLogo['imagepath'] = Vtiger_Functions::getLogoPublicURL($logoName);
 			$companyLogo['alt'] = $companyLogo['title'] = $companyLogo['imagename'] = $logoName;
 			$logoModel->setData($companyLogo);
 		}
diff --git a/public.php b/public.php
index 73d4effeb..ef3b27187 100644
--- a/public.php
+++ b/public.php
@@ -12,4 +12,18 @@ include_once 'vendor/autoload.php';
 include_once 'vtlib/Vtiger/Module.php';
 vimport('includes.runtime.EntryPoint');
 
+if(isset($_REQUEST['type']) && isset($_REQUEST['key']) && $_REQUEST['type'] == 'logo'){
+	$logoPath = 'test/logo/';
+	$allowedLogoImageFormats = Settings_Vtiger_CompanyDetails_Model::$logoSupportedFormats;
+	$fileName = vtlib_purify($_REQUEST['key']);
+	$finalFilePath = $logoPath.$fileName;
+	$extension = explode('.', $fileName);
+	$imageFormat = strtolower($extension[1]);
+	if (in_array($imageFormat, $allowedLogoImageFormats)) {
+		checkFileAccess($finalFilePath);
+		Vtiger_ShowFile_Helper::show($finalFilePath, $imageFormat);
+	}
+	return;
+}
+
 Vtiger_ShowFile_Helper::handle(vtlib_purify($_REQUEST['fid']), vtlib_purify($_REQUEST['key']));
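Review bot: `$imageFormat = strtolower($extension[1])` takes the second dot-separated segment, which is wrong for a name with more than one dot (`logo.v2.png` yields `v2`) and raises an undefined-index notice for a name with no dot; `pathinfo($fileName, PATHINFO_EXTENSION)` gives the real extension. The request key is also concatenated into `$finalFilePath` with any directory components it carries, leaving `checkFileAccess()` (not visible here) as the only guard; since only a bare filename in `test/logo/` is ever legitimate, strip them first. Suggested lines: `$fileName = basename(vtlib_purify($_REQUEST['key']));`, `$imageFormat = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));`, `if (in_array($imageFormat, $allowedLogoImageFormats, true)) {`. The `$_REQUEST['type'] == 'logo'` comparison should be `===`, and a rejected key currently returns with no response at all, so a 404 status before `return;` would help callers and monitoring tell "not allowed" from "not found".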
diff --git a/vtlib/Vtiger/Functions.php b/vtlib/Vtiger/Functions.php
index be26f3d92..b423afcd4 100644
--- a/vtlib/Vtiger/Functions.php
+++ b/vtlib/Vtiger/Functions.php
@@ -1613,7 +1613,17 @@ class Vtiger_Functions {
 		}
 		return $publicUrl;
 	}
-
+	
+	/**
+	 * Function to get logo public url
+	 * @param <String> $logoName
+	 * @return <String> $sourceUrl
+	 */
+	public static function getLogoPublicURL($logoName) {
+		$publicUrl = "public.php?type=logo&key=$logoName";
+		return $publicUrl;
+	}
+	
     /**
      * Function to get the attachmentsid to given crmid
      * @param type $crmid
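Review bot: `getLogoPublicURL()` interpolates `$logoName` into the query string unencoded, so a logo name containing `&`, `#`, `+`, `%` or a space produces a key that `public.php` reads back truncated or altered; the three call sites changed in this commit (ScheduleReports, both CompanyDetails models) all pass a stored filename straight through. Change the body to `return 'public.php?type=logo&key=' . rawurlencode($logoName);`. The docblock's `@return <String> $sourceUrl` names a variable that does not exist and `<String>` is not a PHPDoc type; `@param string $logoName` / `@return string` is what static analysis and IDEs understand.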
-- 
GitLab