Fixed validation of uploaded file before its moved.

data/CRMEntity.php

@@ -136,7 +136,8 @@ class CRMEntity {
 		} else {
 			$file_name = $file_details['name'];
 		}
-                
+
+		// Check 1
                 $save_file = 'true'; 
                 //only images are allowed for Image Attachmenttype 
                 $mimeType = vtlib_mime_content_type($file_details['tmp_name']); 
@@ -149,6 +150,13 @@ class CRMEntity {
                         return false; 
                 } 
 
+		// Check 2
+		$save_file = 'true';
+		//only images are allowed for these modules
+		if ($module == 'Contacts' || $module == 'Products') {
+			$save_file = validateImageFile($file_details);
+		}
+
 		$binFile = sanitizeUploadFileName($file_name, $upload_badext);
 
 		$current_id = $adb->getUniqueID("vtiger_crmentity");
@@ -164,12 +172,6 @@ class CRMEntity {
 		//upload the file in server
 		$upload_status = move_uploaded_file($filetmp_name, $upload_file_path . $current_id . "_" . $binFile);
 
-		$save_file = 'true';
-		//only images are allowed for these modules
-		if ($module == 'Contacts' || $module == 'Products') {
-			$save_file = validateImageFile($file_details);
-		}
-
 		if ($save_file == 'true' && $upload_status == 'true') {
 			//This is only to update the attached filename in the vtiger_notes vtiger_table for the Notes module
 			if ($module == 'Contacts' || $module == 'Products') {