From 7a6c6add9264cf8d155cc46cc1ea8e235f69477f Mon Sep 17 00:00:00 2001
From: appu <apparao@vtiger.com>
Date: Fri, 12 Jan 2024 15:20:47 +0530
Subject: [PATCH] #Fixes::158016278::Appu::Company details logo vulnerability
 when uploading images

---
 include/Webservices/Utils.php | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/include/Webservices/Utils.php b/include/Webservices/Utils.php
index 273196a50..06c466507 100644
--- a/include/Webservices/Utils.php
+++ b/include/Webservices/Utils.php
@@ -479,13 +479,20 @@ function vtws_CreateCompanyLogoFile($fieldname) {
     $fileSize = $_FILES[$fieldname]['size'];
     if($fileSize != 0) {
         global $root_directory;
-        $uploaddir = $root_directory ."/test/logo/";
-        $binFile = $_FILES[$fieldname]['name'];
-        $saveLogo = validateImageFile($_FILES[$fieldname]);
-        if($saveLogo) {
-            move_uploaded_file($_FILES[$fieldname]["tmp_name"], $uploaddir.$binFile);
-            copy($uploaddir.$binFile, $uploaddir.'application.ico');
-            return $binFile;
+        //Support formats allowed to upload as per CRM UI.
+        $logoSupportedFormats = array('jpeg', 'jpg', 'png', 'gif', 'pjpeg', 'x-png');
+        
+        $file_type_details = explode("/", $_FILES[$fieldname]['type']);
+        $filetype = $file_type_details['1'];
+        if(in_array($filetype, $logoSupportedFormats)) {
+            $uploaddir = $root_directory ."/test/logo/";
+            $binFile = $_FILES[$fieldname]['name'];
+            $saveLogo = validateImageFile($_FILES[$fieldname]);
+            if($saveLogo) {
+                move_uploaded_file($_FILES[$fieldname]["tmp_name"], $uploaddir.$binFile);
+                copy($uploaddir.$binFile, $uploaddir.'application.ico');
+                return $binFile;
+            }
         }
         throw new WebServiceException(WebServiceErrorCode::$FAILED_TO_UPDATE,
             "$fieldname wrong file type given for upload");
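Review bot: The allow-list introduced around the `explode`/`in_array` lines checks `$_FILES[$fieldname]['type']`, which is the MIME type the client declared with the upload, so it cannot establish what the uploaded bytes actually are; the only server-side verification visible here is still the pre-existing `validateImageFile` call, and `$binFile` remains the client-supplied file name, extension included, written under `$uploaddir`. Deriving the type from the content would make the new gate meaningful, e.g. `$filetype = (new finfo(FILEINFO_MIME_TYPE))->file($_FILES[$fieldname]['tmp_name']);` compared against full MIME strings such as `image/png`, together with checking `pathinfo($binFile, PATHINFO_EXTENSION)` against the same list before `move_uploaded_file` runs. Two smaller points: `$file_type_details['1']` emits an undefined-index notice when the declared type contains no `/`, so `$filetype = isset($file_type_details[1]) ? $file_type_details[1] : '';` is safer, and `in_array` should be called with `true` as its third argument. The enclosing `vtws_CreateCompanyLogoFile` begins before and ends after this hunk.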
-- 
GitLab