diff --git a/modules/Settings/Vtiger/actions/CompanyDetailsSave.php b/modules/Settings/Vtiger/actions/CompanyDetailsSave.php
index 676e22bc2ab7c94fe9f984e377f77893abf80c33..a696717f0725f2ba06a0cc774c79d72e99e3c331 100644
--- a/modules/Settings/Vtiger/actions/CompanyDetailsSave.php
+++ b/modules/Settings/Vtiger/actions/CompanyDetailsSave.php
@@ -12,6 +12,7 @@
 class Settings_Vtiger_CompanyDetailsSave_Action extends Settings_Vtiger_Basic_Action {
 
 	public function process(Vtiger_Request $request) {
+        global $upload_badext;
 		$qualifiedModuleName = $request->getModule(false);
 		$moduleModel = Settings_Vtiger_CompanyDetails_Model::getInstance();
 		$status = false;
@@ -20,36 +21,18 @@ class Settings_Vtiger_CompanyDetailsSave_Action extends Settings_Vtiger_Basic_Ac
             $saveLogo = $status = true;
 			if(!empty($_FILES['logo']['name'])) {
                 $logoDetails = $_FILES['logo'];
-                $fileType = explode('/', $logoDetails['type']);
-                $fileType = $fileType[1];
-
-                if (!$logoDetails['size'] || !in_array($fileType, Settings_Vtiger_CompanyDetails_Model::$logoSupportedFormats)) { 
-                    $saveLogo = false; 
-                } 
-
-                //mime type check 
-                $mimeType = vtlib_mime_content_type($logoDetails['tmp_name']); 
-                $mimeTypeContents = explode('/', $mimeType); 
-                if (!$logoDetails['size'] || $mimeTypeContents[0] != 'image' || !in_array($mimeTypeContents[1], Settings_Vtiger_CompanyDetails_Model::$logoSupportedFormats)) { 
-                    $saveLogo = false; 
-                } 
-				// Check for php code injection
-				$imageContents = file_get_contents($_FILES["logo"]["tmp_name"]);
-				if (preg_match('/(<\?php?(.*?))/i', $imageContents) == 1) {
-					$saveLogo = false;
-				}
+                $saveLogo = (Vtiger_Functions::validateImage($logoDetails) == 'true') ? true : false;
                 if ($saveLogo) {
                     $moduleModel->saveLogo();
                 }
-            }else{
-                $saveLogo = true;
             }
 			$fields = $moduleModel->getFields();
 			foreach ($fields as $fieldName => $fieldType) {
 				$fieldValue = $request->get($fieldName);
 				if ($fieldName === 'logoname') {
 					if (!empty($logoDetails['name'])) {
-						$fieldValue = ltrim(basename(" " . $logoDetails['name']));
+                        $fieldValue = sanitizeUploadFileName($logoDetails["name"], $upload_badext);
+                        $fieldValue = ltrim(basename(" " . $fieldValue));
 					} else {
 						$fieldValue = $moduleModel->get($fieldName);
 					}
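Review bot: Nothing visible in this diff shows `Vtiger_Functions::validateImage()` performing the scan for embedded `<?php` that the removed lines did here; only its MIME check appears in the Functions.php hunk, so that should be confirmed before relying on the single call. Separately, the `logoname` branch tests only `!empty($logoDetails['name'])`, so a file that failed validation can still replace the stored name; `if ($saveLogo && !empty($logoDetails['name'])) {` would keep the existing value in that case. The comparison `== 'true'` would be clearer as `=== 'true'`, since the helper appears to return the strings `'true'`/`'false'`. The `foreach` and the rest of `process()` continue past the end of the hunk, so whether the rejected name is actually persisted is not visible here.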
diff --git a/modules/Settings/Vtiger/models/CompanyDetails.php b/modules/Settings/Vtiger/models/CompanyDetails.php
index c4073af843af3bcc86e13c331857fbbf59cde6b6..ccb49c2beb0f3735398ccbf2a310bf4b8760eb28 100644
--- a/modules/Settings/Vtiger/models/CompanyDetails.php
+++ b/modules/Settings/Vtiger/models/CompanyDetails.php
@@ -10,7 +10,7 @@
 
 class Settings_Vtiger_CompanyDetails_Model extends Settings_Vtiger_Module_Model {
 
-	STATIC $logoSupportedFormats = array('jpeg', 'jpg', 'png', 'gif', 'pjpeg', 'x-png');
+	STATIC $logoSupportedFormats = array('jpeg', 'png', 'jpg', 'pjpeg', 'x-png', 'gif', 'bmp', 'x-ms-bmp');
 
 	var $baseTable = 'vtiger_organizationdetails';
 	var $baseIndex = 'organization_id';
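Review bot: `$logoSupportedFormats` mixes file extensions (`jpg`, `bmp`) with MIME subtypes (`pjpeg`, `x-png`, `x-ms-bmp`), and after this commit its only visible use is the extension test in `getLogoPath()`. That test compares the last four characters of the file name, so the subtype entries can never match there. Adding `bmp` also only takes effect on upload if the `$mimeTypesList` used by `validateImage()` accepts it, which this diff does not show. A comment such as `// file extensions accepted for the stored logo; MIME subtypes are checked in Vtiger_Functions::validateImage()` would make the allow-list's role clear.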
@@ -74,12 +74,12 @@ class Settings_Vtiger_CompanyDetails_Model extends Settings_Vtiger_Module_Model
 	public function getLogoPath() {
 		$logoPath = $this->logoPath;
 		$handler = @opendir($logoPath);
-		$logoName = $this->get('logoname');
+		$logoName = decode_html($this->get('logoname'));
 		if ($logoName && $handler) {
 			while ($file = readdir($handler)) {
 				if($logoName === $file && in_array(str_replace('.', '', strtolower(substr($file, -4))), self::$logoSupportedFormats) && $file != "." && $file!= "..") {
 					closedir($handler);
-					return $logoPath.$logoName;
+					return $logoPath.rawurlencode($logoName);
 				}
 			}
 		}
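Review bot: With `rawurlencode()` applied at the `return`, `getLogoPath()` now yields a URL-encoded string rather than a filesystem path, and nothing in the method says so. Any caller that passes the result to a filesystem function would fail for names containing spaces or other encoded characters; the callers are not visible in this diff. I would add a comment above the return such as `// URL-encoded for use in src/href attributes; not a filesystem path`. The method continues past the end of the hunk.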
@@ -90,10 +90,11 @@ class Settings_Vtiger_CompanyDetails_Model extends Settings_Vtiger_Module_Model
 	 * Function to save the logoinfo
 	 */
 	public function saveLogo() {
-		$uploadDir = vglobal('root_directory'). '/' .$this->logoPath;
-		$logoName = $uploadDir.$_FILES["logo"]["name"];
-		move_uploaded_file($_FILES["logo"]["tmp_name"], $logoName);
-		copy($logoName, $uploadDir.'application.ico');
+        global $upload_badext;
+        $logoPath = vglobal('root_directory'). '/' .$this->logoPath;
+        $binFile = sanitizeUploadFileName($_FILES["logo"]["name"], $upload_badext);
+		$response = move_uploaded_file($_FILES["logo"]["tmp_name"], $logoPath . $binFile);
+		copy($logoPath . $binFile, $logoPath.'application.ico');
 	}
 
 	/**
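Review bot: `$response` from `move_uploaded_file()` is assigned but never checked, so `copy()` runs even when the move failed and `saveLogo()` gives the caller no way to know. A guard such as `if (!move_uploaded_file($_FILES["logo"]["tmp_name"], $logoPath . $binFile)) { return false; }` before the `copy()` would stop that. The name written here is the direct result of `sanitizeUploadFileName()`, while `process()` stores `ltrim(basename(...))` of it as `logoname`. If the two ever differ, `getLogoPath()` will not find the file, so deriving the name once and sharing it would be safer.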
diff --git a/vtlib/Vtiger/Functions.php b/vtlib/Vtiger/Functions.php
index a3e5f8eb25d300f7f48271815726b73161f84d7f..f81cb845aa42f57b7bc8f86be7e82467be48d368 100644
--- a/vtlib/Vtiger/Functions.php
+++ b/vtlib/Vtiger/Functions.php
@@ -592,9 +592,9 @@ class Vtiger_Functions {
 		}
 
 		//mime type check
-		$mimeType = mime_content_type($file_details['tmp_name']);
+		$mimeType = vtlib_mime_content_type($file_details['tmp_name']);
 		$mimeTypeContents = explode('/', $mimeType);
-		if (!$file_details['size'] || !in_array($mimeTypeContents[1], $mimeTypesList)) {
+		if (!$file_details['size'] || $mimeTypeContents[0] != 'image' || !in_array($mimeTypeContents[1], $mimeTypesList)) {
 			$saveimage = 'false';
 		}
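Review bot: The new `$mimeTypeContents[0] != 'image'` test and the `in_array()` beside it use loose comparison; `$mimeTypeContents[0] !== 'image'` and `in_array($mimeTypeContents[1], $mimeTypesList, true)` state the intent exactly, assuming `$mimeTypesList` holds only strings (it is defined above the hunk). This condition validates the sniffed content type only. Within these lines nothing ties it to the extension of the client-supplied name later used for the stored file, so it is worth confirming that the earlier part of `validateImage()` or `sanitizeUploadFileName()` covers that. The function begins and ends outside the hunk.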