diff --git a/data/CRMEntity.php b/data/CRMEntity.php index be109258929dfc0abbf8ce33fb9c93dedcd9a674..ec61d6fed0bf98fd55446e7cc9d3fc6838baaac9 100644 --- a/data/CRMEntity.php +++ b/data/CRMEntity.php @@ -183,6 +183,7 @@ class CRMEntity { if ($attachmentType == 'Image' || ($file_details['size'] && $mimeTypeContents[0] == 'image')) { $save_file = validateImageFile($file_details); } + $log->debug("File Validation status in Check1 save_file => $save_file"); if ($save_file == 'false') { return false; } @@ -193,7 +194,7 @@ class CRMEntity { if ($module == 'Contacts' || $module == 'Products') { $save_file = validateImageFile($file_details); } - + $log->debug("File Validation status in Check2 save_file => $save_file"); $binFile = sanitizeUploadFileName($file_name, $upload_badext); $current_id = $adb->getUniqueID("vtiger_crmentity"); @@ -209,7 +210,7 @@ class CRMEntity { $encryptFileName = Vtiger_Util_Helper::getEncryptedFileName($binFile); $upload_status = copy($filetmp_name, $upload_file_path . $current_id . "_" . $encryptFileName); // temporary file will be deleted at the end of request - + $log->debug("Upload status of file => $upload_status"); if ($save_file == 'true' && $upload_status == 'true') { if($attachmentType != 'Image' && $this->mode == 'edit') { //Only one Attachment per entity delete previous attachments @@ -239,9 +240,11 @@ class CRMEntity { $sql3 = 'INSERT INTO vtiger_seattachmentsrel VALUES(?,?)'; $params3 = array($id, $current_id); $adb->pquery($sql3, $params3); + $log->debug("File uploaded successfully with id => $current_id"); return $current_id; } else { //failed to upload file + $log->debug('File upload failed'); return false; } } diff --git a/modules/Documents/Documents.php b/modules/Documents/Documents.php index b1c53de169278c92bc68d65ae3daa53ba8591764..c4060c92655086598d262dc61ed19c5e1abec01d 100644 --- a/modules/Documents/Documents.php +++ b/modules/Documents/Documents.php 
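Review bot: In the `@@ -193` hunk a failed Check2 is only logged, whereas Check1 in the `@@ -183` hunk returns immediately on `$save_file == 'false'`. In the `@@ -209` hunk `copy()` runs before `$save_file` is consulted, so unless the lines between the hunks return early, an image rejected by Check2 is still written under `$upload_file_path`. It would then stay there when the `else` branch in the `@@ -239` hunk returns false. I would mirror Check1 right after the new Check2 log, `if ($save_file == 'false') { return false; }`, so a rejected file never reaches the upload directory. The function begins and ends outside these hunks, and the declaration of `$log` is not visible here.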
@@ -182,6 +182,10 @@ class Documents extends CRMEntity { { $files['original_name'] = vtlib_purify($_REQUEST[$fileindex.'_hidden']); $file_saved = $this->uploadAndSaveFile($id,$module,$files); + if(!$file_saved){ + $log->debug('file upload failed'); + return false; + } } } diff --git a/modules/Vtiger/models/Record.php b/modules/Vtiger/models/Record.php index 90a10f6733cf541456f7f4be02667614d4e663e8..463df779201398ec296cd4360e4c25eec3eb7de7 100644 --- a/modules/Vtiger/models/Record.php +++ b/modules/Vtiger/models/Record.php @@ -426,7 +426,7 @@ class Vtiger_Record_Model extends Vtiger_Base_Model { 'orgname' => $imageOriginalName, 'path' => $imagePath.$imageId, 'name' => $imageName, - 'url' => $url + 'url' => $url ); } } diff --git a/packages/vtiger/mandatory/Import.zip b/packages/vtiger/mandatory/Import.zip index 9d441dd9cdd853185c35137696a99a1179cf03b6..197831ca61d5178a5e71af12be588e48e2281dba 100644 Binary files a/packages/vtiger/mandatory/Import.zip and b/packages/vtiger/mandatory/Import.zip differ diff --git a/packages/vtiger/mandatory/MailManager.zip b/packages/vtiger/mandatory/MailManager.zip index 3e4b441e2859fcb08c07bbee75407598243b3d73..78b64cd14982546b8564a01aa73343858bbf168f 100644 Binary files a/packages/vtiger/mandatory/MailManager.zip and b/packages/vtiger/mandatory/MailManager.zip differ diff --git a/packages/vtiger/mandatory/Mobile.zip b/packages/vtiger/mandatory/Mobile.zip index e35d4cc039e50d1ea97b3b40b6816c5cf1a6aaf9..494d1bb5ed58ce3ca5f90a16ad0e3aec4956b2dd 100644 Binary files a/packages/vtiger/mandatory/Mobile.zip and b/packages/vtiger/mandatory/Mobile.zip differ diff --git a/packages/vtiger/mandatory/ModTracker.zip b/packages/vtiger/mandatory/ModTracker.zip index 898bf846008ae450f43338b788b20b9a68b951d9..2890f3939517b195682c8d74f11309d6718630b2 100644 Binary files a/packages/vtiger/mandatory/ModTracker.zip and b/packages/vtiger/mandatory/ModTracker.zip differ 
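Review bot: The new `return false;` exits from inside the upload block on the first failed file, and nothing in this hunk shows that callers check the return value or that the document record is cleaned up. The log line also carries no identifier; `$log->debug("file upload failed for record $id");` (`$id` is presumably the record id passed to `uploadAndSaveFile`) would let the entry be matched with the 'File upload failed' message from CRMEntity.php. `$log` is used here without a visible declaration; the Functions.php change in this commit had to add it to its `global` line, so confirm it is in scope in this method too. The enclosing method starts and ends outside the hunk.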
diff --git a/packages/vtiger/mandatory/PBXManager.zip b/packages/vtiger/mandatory/PBXManager.zip
index 4e550ecfca3d4b8c3505f11910377fc5db97f3b0..07720357484e4878f38e42a5fd296ffb599f1bbe 100644
Binary files a/packages/vtiger/mandatory/PBXManager.zip and b/packages/vtiger/mandatory/PBXManager.zip differ
diff --git a/packages/vtiger/mandatory/ServiceContracts.zip b/packages/vtiger/mandatory/ServiceContracts.zip
index d0cca90ea068900ff8925f7e43b36a82649f9256..ff134af75ef9c78a75368a2a7069afda1370caa2 100644
Binary files a/packages/vtiger/mandatory/ServiceContracts.zip and b/packages/vtiger/mandatory/ServiceContracts.zip differ
diff --git a/packages/vtiger/mandatory/Services.zip b/packages/vtiger/mandatory/Services.zip
index 1418a00ac273105bea6dad8b8e6fc5be391cabbb..a0e0d617c24a63483455f91541515ee90ce6f30e 100644
Binary files a/packages/vtiger/mandatory/Services.zip and b/packages/vtiger/mandatory/Services.zip differ
diff --git a/packages/vtiger/mandatory/WSAPP.zip b/packages/vtiger/mandatory/WSAPP.zip
index d4e80dacece263239ff3aab8f948751d6219a3d2..2b0ff12f661597c9fe5fb9cf904d4ce7184cfe7b 100644
Binary files a/packages/vtiger/mandatory/WSAPP.zip and b/packages/vtiger/mandatory/WSAPP.zip differ
diff --git a/packages/vtiger/optional/Assets.zip b/packages/vtiger/optional/Assets.zip
index fa33bbb5422efddf90ed3804e47158638e8e7bec..94a6dbb5d215d9571c48560cc5db12eabd9ce821 100644
Binary files a/packages/vtiger/optional/Assets.zip and b/packages/vtiger/optional/Assets.zip differ
diff --git a/packages/vtiger/optional/CustomerPortal.zip b/packages/vtiger/optional/CustomerPortal.zip
index 506e3534dfd402e726bd73a99b59d20d1a056a31..d81610c26a208ca3563d9e7fb607064b57d7700a 100644
Binary files a/packages/vtiger/optional/CustomerPortal.zip and b/packages/vtiger/optional/CustomerPortal.zip differ
diff --git a/packages/vtiger/optional/EmailTemplates.zip b/packages/vtiger/optional/EmailTemplates.zip
index 2821e48ab5ca4a70c563c4df05633b99b4ec0783..026790a54dc82a03bf187a4cb9841a825e678125 100644
Binary files a/packages/vtiger/optional/EmailTemplates.zip and b/packages/vtiger/optional/EmailTemplates.zip differ
diff --git a/packages/vtiger/optional/Google.zip b/packages/vtiger/optional/Google.zip
index b1c1a46069cba0bdfa60918c433f3b5cbeda4b40..69a3b0c2c368357d452a2003370852082d588d47 100644
Binary files a/packages/vtiger/optional/Google.zip and b/packages/vtiger/optional/Google.zip differ
diff --git a/packages/vtiger/optional/ModComments.zip b/packages/vtiger/optional/ModComments.zip
index 5bbe47b94103db997dd36643c716be9890ae95ab..a1e37d05c84937d116fe22278de9d221f6e0ab05 100644
Binary files a/packages/vtiger/optional/ModComments.zip and b/packages/vtiger/optional/ModComments.zip differ
diff --git a/packages/vtiger/optional/Projects.zip b/packages/vtiger/optional/Projects.zip
index f9c22282348cade71e85073c2778babb96b73e9a..e1a30f8110a5d945d157ff0c1b1b634e2470c475 100644
Binary files a/packages/vtiger/optional/Projects.zip and b/packages/vtiger/optional/Projects.zip differ
diff --git a/packages/vtiger/optional/RecycleBin.zip b/packages/vtiger/optional/RecycleBin.zip
index b4fcfc67ee8a202c756db94ec4d1ea74ab50dfff..f4be09dfb5a977a4c50e0517d5b47b6795eebb11 100644
Binary files a/packages/vtiger/optional/RecycleBin.zip and b/packages/vtiger/optional/RecycleBin.zip differ
diff --git a/packages/vtiger/optional/SMSNotifier.zip b/packages/vtiger/optional/SMSNotifier.zip
index 875b5c236a642270d69dbc289d55d8acab936999..b37d38ef3fb2da91504684ae67a156d408b3e9e4 100644
Binary files a/packages/vtiger/optional/SMSNotifier.zip and b/packages/vtiger/optional/SMSNotifier.zip differ
diff --git a/packages/vtiger/optional/Webforms.zip b/packages/vtiger/optional/Webforms.zip index 3a9c44138c24c96e97ca125ce7c8b82e1f02a82f..cbe95810c42244eab193eb74d0c16fcf11202946 100644 Binary files a/packages/vtiger/optional/Webforms.zip and b/packages/vtiger/optional/Webforms.zip differ diff --git a/vtlib/Vtiger/Functions.php b/vtlib/Vtiger/Functions.php index c726b81842c1abb1584ce93a8e9208a842e3e4be..245cf42c221ad405f6b31c388510eb3ef69e386a 100644 --- a/vtlib/Vtiger/Functions.php +++ b/vtlib/Vtiger/Functions.php @@ -637,7 +637,7 @@ class Vtiger_Functions { } static function validateImage($file_details) { - global $app_strings; + global $app_strings, $log; $allowedImageFormats = array('jpeg', 'png', 'jpg', 'pjpeg', 'x-png', 'gif', 'bmp'); $mimeTypesList = array_merge($allowedImageFormats, array('x-ms-bmp'));//bmp another format @@ -649,6 +649,7 @@ class Vtiger_Functions { $saveimage = 'true'; if (!in_array($filetype, $allowedImageFormats)) { + $log->debug('file type not matched allowed formats'); $saveimage = 'false'; } @@ -656,6 +657,7 @@ class Vtiger_Functions { $mimeType = self::mime_content_type($file_details['tmp_name']); $mimeTypeContents = explode('/', $mimeType); if (!$file_details['size'] || strtolower($mimeTypeContents[0]) !== 'image' || !in_array($mimeTypeContents[1], $mimeTypesList)) { + $log->debug('Failed because of size or image not supported types'); $saveimage = 'false'; } @@ -666,6 +668,7 @@ class Vtiger_Functions { if($file_details['type'] == 'image/jpeg' || $file_details['type'] == 'image/tiff') { $exifdata = @exif_read_data($file_details['tmp_name']); if($exifdata && !self::validateImageMetadata($exifdata, $shortTagSupported)) { + $log->debug('Image metadata validation failed'); $saveimage = 'false'; } //remove sensitive information(like,GPS or camera information) from the image 
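Review bot: The rejection reasons added to validateImage are all written at debug level: here, and in the `@@ -656`, `@@ -666` and `@@ -680` hunks, including 'Php injection suspected'. A refused upload is a security-relevant event, and a debug-only message is usually absent from production logs, so it cannot feed alerting or a later investigation. I would log these at a higher level, for example `$log->warn('Php injection suspected');` if the project's logger exposes it, and keep debug for the status traces in CRMEntity.php. If the rejected type or file name is added to a message, it is client-supplied and should have line breaks stripped first.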
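Review bot: In the `@@ -666` hunk the new log fires only when `validateImageMetadata()` rejects the data. When `exif_read_data()` fails, the `@` hides the warning, `$exifdata` is false and the `$exifdata && …` test lets the image through with no trace. Adding `if ($exifdata === false) { $log->debug('EXIF data could not be read'); }` before that test would make the path visible. The branch is also selected by `$file_details['type']`, which is the client-declared type if the array comes from `$_FILES`, while the `@@ -656` hunk already computes a detected `$mimeType`. Whether both hunks sit in the same function is not visible here, so treat that as something to confirm.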
@@ -680,6 +683,7 @@ class Vtiger_Functions { if ($saveimage == 'true') { $imageContents = file_get_contents($file_details['tmp_name']); if (stripos($imageContents, $shortTagSupported ? "<?" : "<?php") !== false) { // suspicious dynamic content. + $log->debug('Php injection suspected'); $saveimage = 'false'; } }