mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-04-09 17:39:23 -04:00
Code Issues Packages Projects Releases Wiki Activity

XSS sanity check of uploaded images or excel files (#39)

Browse Source
This commit is contained in:
FrancescoUK
2016-05-26 18:29:33 +01:00
parent 472ce16528
commit e4cb04fd3e
3 changed files with 49 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
application/controllers/Config.php
View File

@@ -35,7 +35,11 @@ class Config extends Secure_area
if (!empty($upload_data['orig_name']))
{
$batch_save_data['company_logo'] = $upload_data['raw_name'] . $upload_data['file_ext'];
// XSS file image sanity check
if ($this->security->xss_clean($upload_data['raw_name'], TRUE) === TRUE)
{
$batch_save_data['company_logo'] = $upload_data['raw_name'] . $upload_data['file_ext'];
}
}
$result = $this->Appconfig->batch_save($batch_save_data);

17
application/controllers/Customers.php
View File

@@ -152,7 +152,8 @@ class Customers extends Person_controller
{
$msg = 'do_excel_import';
$failCodes = array();
if ($_FILES['file_path']['error']!=UPLOAD_ERR_OK)
if ($_FILES['file_path']['error'] != UPLOAD_ERR_OK)
{
$msg = $this->lang->line('items_excel_import_failed');
echo json_encode( array('success'=>false,'message'=>$msg) );
@@ -163,12 +164,20 @@ class Customers extends Person_controller
{
if (($handle = fopen($_FILES['file_path']['tmp_name'], "r")) !== FALSE)
{
//Skip first row
// Skip the first row as it's the table description
fgetcsv($handle);
$i=1;
while (($data = fgetcsv($handle)) !== FALSE)
{
// XSS file data sanity check
if ($this->security->xss_clean($data) === FALSE)
{
echo json_encode( array('success'=>false, 'message'=>'Your uploaded file contains malicious data') );
return;
}
$person_data = array(
'first_name'=>$data[0],
'last_name'=>$data[1],
@@ -208,7 +217,7 @@ class Customers extends Person_controller
}
else
{
echo json_encode( array('success'=>false, 'message'=>'Your upload file has no data or not in supported format.') );
echo json_encode( array('success'=>false, 'message'=>'Your uploaded file has no data or wrong format') );
return;
}
@@ -222,7 +231,7 @@ class Customers extends Person_controller
}
else
{
$msg = "Import Customers successful";
$msg = "Import of Customers successful";
}
echo json_encode( array('success'=>$success, 'message'=>$msg) );

48
application/controllers/Items.php
View File

@@ -331,7 +331,11 @@ class Items extends Secure_area implements iData_controller
if (!empty($upload_data['orig_name']))
{
$item_data['pic_id'] = $upload_data['raw_name'];
// XSS file image sanity check
if ($this->security->xss_clean($upload_data['raw_name'], TRUE) === TRUE)
{
$item_data['pic_id'] = $upload_data['raw_name'];
}
}
$employee_id = $this->Employee->get_logged_in_employee_info()->person_id;
@@ -555,10 +559,11 @@ class Items extends Secure_area implements iData_controller
{
$msg = 'do_excel_import';
$failCodes = array();
if ($_FILES['file_path']['error']!=UPLOAD_ERR_OK)
if ($_FILES['file_path']['error'] != UPLOAD_ERR_OK)
{
$msg = $this->lang->line('items_excel_import_failed');
echo json_encode( array('success'=>false,'message'=>$msg) );
echo json_encode( array('success'=>false, 'message'=>$msg) );
return;
}
@@ -566,13 +571,22 @@ class Items extends Secure_area implements iData_controller
{
if (($handle = fopen($_FILES['file_path']['tmp_name'], "r")) !== FALSE)
{
//Skip first row
// Skip the first row as it's the table description
fgetcsv($handle);
$i=1;
while (($data = fgetcsv($handle)) !== FALSE)
{
if (sizeof($data) >= 23) {
// XSS file data sanity check
if ($this->security->xss_clean($data) === FALSE)
{
echo json_encode( array('success'=>false, 'message'=>'Your uploaded file contains malicious data') );
return;
}
if (sizeof($data) >= 23)
{
$item_data = array(
'name' => $data[1],
'description' => $data[11],
@@ -606,6 +620,7 @@ class Items extends Secure_area implements iData_controller
{
$invalidated = true;
}
if(!$invalidated && $this->Item->save($item_data))
{
$items_taxes_data = null;
@@ -675,18 +690,17 @@ class Items extends Secure_area implements iData_controller
);
$this->Item_quantity->save($item_quantity_data, $item_data['item_id'], $data[$col]);
$excel_data = array
(
'trans_items'=>$item_data['item_id'],
'trans_user'=>$employee_id,
'trans_comment'=>$comment,
'trans_location'=>$location_id,
'trans_inventory'=>0
);
$excel_data = array(
'trans_items'=>$item_data['item_id'],
'trans_user'=>$employee_id,
'trans_comment'=>$comment,
'trans_location'=>$location_id,
'trans_inventory'=>0
);
$this->db->insert('inventory',$excel_data);
}
}
else//insert or update item failure
else //insert or update item failure
{
$failCodes[] = $i;
}
@@ -696,7 +710,7 @@ class Items extends Secure_area implements iData_controller
}
else
{
echo json_encode( array('success'=>false, 'message'=>'Your upload file has no data or not in supported format.') );
echo json_encode( array('success'=>false, 'message'=>'Your uploaded file has no data or wrong format') );
return;
}
@@ -705,12 +719,12 @@ class Items extends Secure_area implements iData_controller
$success = true;
if(count($failCodes) > 0)
{
$msg = "Most items imported. But some were not, here is list of their CODE (" .count($failCodes) ."): ".implode(", ", $failCodes);
$msg = "Most items imported. But some were not, here is list of their CODE (" . count($failCodes) ."): ". implode(", ", $failCodes);
$success = false;
}
else
{
$msg = "Import items successful";
$msg = "Import of Items successful";
}
echo json_encode( array('success'=>$success, 'message'=>$msg) );