Items, Company Setup: additional check to ensure uploaded image compatibility with...
authorJanusz Dobrowolski <janusz@frontaccounting.eu>
Mon, 26 Oct 2020 12:41:48 +0000 (13:41 +0100)
committerJanusz Dobrowolski <janusz@frontaccounting.eu>
Mon, 26 Oct 2020 12:47:46 +0000 (13:47 +0100)
admin/company_preferences.php
inventory/manage/items.php
reporting/includes/tcpdf.php

index 77742403113fee2557b6cf5574efa7e0fc7a61d7..07a568689f25ee885fd4a63aab7151a67b2b66a0 100644 (file)
@@ -19,6 +19,7 @@ include_once($path_to_root . "/includes/date_functions.inc");
 include_once($path_to_root . "/includes/ui.inc");
 
 include_once($path_to_root . "/admin/db/company_db.inc");
+include_once($path_to_root . "/reporting/includes/tcpdf.php");
 //-------------------------------------------------------------------------------------------------
 
 if (isset($_POST['update']) && $_POST['update'] != "")
@@ -104,12 +105,20 @@ if (isset($_POST['update']) && $_POST['update'] != "")
                        }
                }
 
-               if ($input_error != 1)
-               {
+               if ($input_error != 1) {
                        $result  =  move_uploaded_file($_FILES['pic']['tmp_name'], $filename);
                        $_POST['coy_logo'] = clean_file_name($_FILES['pic']['name']);
-                       if(!$result) 
+                       if(!$result) {
                                display_error(_('Error uploading logo file'));
+                               $input_error = 1;
+                       } else {
+                               $msg = check_image_file($filename);
+                               if ( $msg) {
+                                       display_error( $msg);
+                                       unlink($filename);
+                                       $input_error = 1;
+                               }
+                       }
                }
        }
        if (check_value('del_coy_logo'))
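Review bot: The new format check runs only after move_uploaded_file() has already placed the upload at its final `$filename` (the move happens on the line before `$_POST['coy_logo']` is set, the check in the new `else` branch), so a rejected file sits in the destination directory until the unchecked `unlink($filename)` removes it. Validating before the move would close that window, e.g. `$msg = check_image_file($_FILES['pic']['tmp_name']);` ahead of move_uploaded_file(), provided this version's TCPDF Image() can be told the image type rather than inferring it from a file extension the temp name lacks — worth confirming in tcpdf.php. If the post-move order has to stay, at least test the removal: `if (!unlink($filename)) display_error(_('Could not remove rejected logo file'));`. The enclosing `if (isset($_POST['update']) ...)` block starts outside the hunk.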
index e76f8b0849067c9ab58f3a24e2e84f5401de2b23..653d9e78bfad45213db18151cc2996897ac0607e 100644 (file)
@@ -12,6 +12,7 @@
 $page_security = 'SA_ITEM';
 $path_to_root = "../..";
 include($path_to_root . "/includes/session.inc");
+include($path_to_root . "/reporting/includes/tcpdf.php");
 
 $js = "";
 if ($SysPrefs->use_popup_windows)
@@ -87,7 +88,7 @@ if (isset($_FILES['pic']) && $_FILES['pic']['name'] != '')
        {
                mkdir($filename);
        }       
-       $filename .= "/".item_img_name($stock_id).".jpg";
+       $filename .= "/".item_img_name($stock_id).(substr(trim($_FILES['pic']['name']), strrpos($_FILES['pic']['name'], '.')));
 
   if ($_FILES['pic']['error'] == UPLOAD_ERR_INI_SIZE) {
     display_error(_('The file size is over the maximum allowed.'));
@@ -137,6 +138,11 @@ if (isset($_FILES['pic']) && $_FILES['pic']['name'] != '')
        if ($upload_file == 'Yes')
        {
                $result  =  move_uploaded_file($_FILES['pic']['tmp_name'], $filename);
+               if ($msg = check_image_file($filename)) {
+                       display_error($msg);
+                       unlink($filename);
+                       $upload_file ='No';
+               }
        }
        $Ajax->activate('details');
  /* EOF Add Image upload for New Item  - by Ori */
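Review bot: The second hunk now takes the stored file's extension verbatim from the client-supplied `$_FILES['pic']['name']` instead of the fixed `.jpg`, so whatever suffix the browser sends ends up on a file written under the item image directory; the TCPDF-based check in the third hunk only shows the content parses as an image, not that the suffix is harmless, and web servers typically choose a handler by extension. Derive the suffix from an allow-list instead, e.g. `$ext = strtolower(pathinfo(trim($_FILES['pic']['name']), PATHINFO_EXTENSION));` followed by `if (!in_array($ext, array('jpg', 'jpeg', 'png', 'gif'), true)) { /* reject like the UPLOAD_ERR_INI_SIZE branch below */ }` and append `'.'.$ext`. As written, `strrpos()` returns false for a name without a dot, so `substr(..., false)` appends the whole name, and `trim()` is applied to the substr subject but not to the strrpos haystack. Separately, the third hunk calls check_image_file() without testing `$result` from move_uploaded_file(), unlike the equivalent code in admin/company_preferences.php; guard it with `if ($result && ($msg = check_image_file($filename))) {`. The enclosing `if (isset($_FILES['pic']) ...)` block starts and ends outside the hunks.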
index 60d9e39a518784dc68cf321cb5e23ba374b62f99..eec95ee9509fc7c5aa662e184795e751e90facea 100644 (file)
@@ -177,6 +177,17 @@ require_once(dirname(__FILE__)."/barcodes.php");
  */
 require_once(dirname(__FILE__)."/html_entity_decode_php4.php");
 
+//
+// Check image file format against specific TCPDF engine requirements.
+//
+function check_image_file($filename)
+{
+       $test = new TCPDF();
+       if ( !$test->Image($filename, 0, 0) )
+               return _('Unsupported image file format.');
+       return '';
+}
+
 if (!class_exists('TCPDF')) {
        /**
         * define default PDF document producer
@@ -3707,6 +3718,7 @@ if (!class_exists('TCPDF')) {
                                }
                        }
                        $this->endlinex = $this->img_rb_x;
+                       return $info;
                }
 
                /**
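Review bot: check_image_file() is declared unconditionally in the first hunk, while the rest of this file sits behind `if (!class_exists('TCPDF'))`, which signals the file may be loaded more than once; inventory/manage/items.php pulls it in with a plain `include`, so a second load would hit a redeclaration fatal. Wrap the declaration in `if (!function_exists('check_image_file')) {` … `}` or move it inside the class_exists guard. The helper also treats a falsy return from Image() as "unsupported", but only the success-path `return $info;` in the second hunk is visible — whether every failure branch of Image() returns instead of going through `$this->Error()` (which may terminate the request) is outside the hunk and worth confirming before relying on this for upload validation. A docblock stating the contract would help: `@return string '' if the file is accepted by TCPDF, otherwise a translated error message`.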