From: Janusz Dobrowolski Date: Mon, 26 Oct 2020 12:41:48 +0000 (+0100) Subject: Items, Company Setup: additional check to ensure uploaded image compatibility with... X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=commitdiff_plain;ds=sidebyside;h=39d66301fbc4346e2a3978d4a4ce034dc0fc0a1c;p=fa-stable.git Items, Company Setup: additional check to ensure uploaded image compatibility with TCPDF report generator. Fixes [0005189, 0005211] --- diff --git a/admin/company_preferences.php b/admin/company_preferences.php index 77742403..07a56868 100644 --- a/admin/company_preferences.php +++ b/admin/company_preferences.php @@ -19,6 +19,7 @@ include_once($path_to_root . "/includes/date_functions.inc"); include_once($path_to_root . "/includes/ui.inc"); include_once($path_to_root . "/admin/db/company_db.inc"); +include_once($path_to_root . "/reporting/includes/tcpdf.php"); //------------------------------------------------------------------------------------------------- if (isset($_POST['update']) && $_POST['update'] != "") @@ -104,12 +105,20 @@ if (isset($_POST['update']) && $_POST['update'] != "") } } - if ($input_error != 1) - { + if ($input_error != 1) { $result = move_uploaded_file($_FILES['pic']['tmp_name'], $filename); $_POST['coy_logo'] = clean_file_name($_FILES['pic']['name']); - if(!$result) + if(!$result) { display_error(_('Error uploading logo file')); + $input_error = 1; + } else { + $msg = check_image_file($filename); + if ( $msg) { + display_error( $msg); + unlink($filename); + $input_error = 1; + } + } } } if (check_value('del_coy_logo')) diff --git a/inventory/manage/items.php b/inventory/manage/items.php index e76f8b08..653d9e78 100644 --- a/inventory/manage/items.php +++ b/inventory/manage/items.php @@ -12,6 +12,7 @@ $page_security = 'SA_ITEM'; $path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); +include($path_to_root . "/reporting/includes/tcpdf.php"); $js = ""; if ($SysPrefs->use_popup_windows) 
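Review bot: In the second hunk of admin/company_preferences.php the upload is validated only after `move_uploaded_file()` has written it to `$filename`, so a rejected file sits at its final path until `unlink()` runs, and stays there if the request ends in between. Checking the temporary file first closes that window: call `$msg = check_image_file($_FILES['pic']['tmp_name']);` before the move and skip the move when `$msg` is non-empty, provided `Image()` does not depend on the file extension (not visible here). The third hunk of inventory/manage/items.php uses the same move, check, unlink order. The return value of `unlink()` is ignored in both places, so a failed cleanup goes unnoticed. The enclosing `if (isset($_POST['update']) ...)` block starts and ends outside the hunk.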
@@ -87,7 +88,7 @@ if (isset($_FILES['pic']) && $_FILES['pic']['name'] != '') { mkdir($filename); } - $filename .= "/".item_img_name($stock_id).".jpg"; + $filename .= "/".item_img_name($stock_id).(substr(trim($_FILES['pic']['name']), strrpos($_FILES['pic']['name'], '.'))); if ($_FILES['pic']['error'] == UPLOAD_ERR_INI_SIZE) { display_error(_('The file size is over the maximum allowed.')); @@ -137,6 +138,11 @@ if (isset($_FILES['pic']) && $_FILES['pic']['name'] != '') if ($upload_file == 'Yes') { $result = move_uploaded_file($_FILES['pic']['tmp_name'], $filename); + if ($msg = check_image_file($filename)) { + display_error($msg); + unlink($filename); + $upload_file ='No'; + } } $Ajax->activate('details'); /* EOF Add Image upload for New Item - by Ori */ diff --git a/reporting/includes/tcpdf.php b/reporting/includes/tcpdf.php index 60d9e39a..eec95ee9 100644 --- a/reporting/includes/tcpdf.php +++ b/reporting/includes/tcpdf.php @@ -177,6 +177,17 @@ require_once(dirname(__FILE__)."/barcodes.php"); */ require_once(dirname(__FILE__)."/html_entity_decode_php4.php"); +// +// Check image file format against specific TCPDF engine requirements. +// +function check_image_file($filename) +{ + $test = new TCPDF(); + if ( !$test->Image($filename, 0, 0) ) + return _('Unsupported image file format.'); + return ''; +} + if (!class_exists('TCPDF')) { /** * define default PDF document producer @@ -3707,6 +3718,7 @@ if (!class_exists('TCPDF')) { } } $this->endlinex = $this->img_rb_x; + return $info; } /**
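Review bot: In the `@@ -87,7 +88,7 @@` hunk of inventory/manage/items.php the extension of the stored file now comes from the client-supplied `$_FILES['pic']['name']`, where the old code always wrote `.jpg`. Unless an extension allow-list elsewhere in this block (outside the hunk) rejects non-image suffixes, an upload named with a script extension gets a server-side path with that extension, and the only remaining barrier is the content check that runs after the move. When the name contains no dot, `strrpos()` returns `false` and `substr()` appends the whole client name; the offset is also computed on the untrimmed name but applied to the trimmed one. Deriving the suffix from the detected image type, or passing `strtolower(pathinfo($_FILES['pic']['name'], PATHINFO_EXTENSION))` through a fixed list such as `['jpg', 'jpeg', 'png', 'gif']`, avoids all three problems.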
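Review bot: In the `@@ -137,6 +138,11 @@` hunk of inventory/manage/items.php, `check_image_file($filename)` runs even when `move_uploaded_file()` failed, because `$result` is never tested. In that case the check and the following `unlink($filename)` act on whatever already exists at that path (possibly an earlier image for the same item) or on a missing file. Guarding the call keeps this site consistent with the company_preferences.php hunk: `if ($result && ($msg = check_image_file($filename))) {`, with a failed move reported separately as that hunk does. The enclosing `if (isset($_FILES['pic']) ...)` block starts outside the hunk.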
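Review bot: Whether `check_image_file()` in the `@@ -177,6 +177,17 @@` hunk of reporting/includes/tcpdf.php ever receives a falsy return for a bad file cannot be confirmed from this diff: the last hunk only adds `return $info;` on the success path, and the failure paths of `Image()` are outside the hunks. If any of them reports through an error handler that ends the request instead of returning, the callers' `unlink()` never runs and the rejected upload stays on disk, so this should be confirmed or the call wrapped. The function is also declared unconditionally while items.php pulls the file in with plain `include`, so a second inclusion would fail on redeclaration; `include_once` at that call site or a `function_exists()` guard here avoids that. A docblock stating the contract would help: `@param string $filename` as a path to a local file, and `@return string` as an error message, or `''` when TCPDF accepts the image.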