From 27f3a54ecf21e71c829d0b2517f1e2a3c37992ed Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 15 May 2024 09:29:43 +1000
Subject: [PATCH] Fixes for file_get_contents

---
 app/Http/Controllers/CompanyController.php | 19 ++++++++++++++-
 app/Http/Controllers/DocumentController.php | 3 ++-
 .../Requests/Company/UpdateCompanyRequest.php | 10 +++++++-
 app/Jobs/Company/CompanyImport.php | 20 ++++++++++++++--
 app/Models/Presenters/CompanyPresenter.php | 1 -
 app/Utils/Traits/MakesInvoiceHtml.php | 23 -------------------
 6 files changed, 47 insertions(+), 29 deletions(-)

diff --git a/app/Http/Controllers/CompanyController.php b/app/Http/Controllers/CompanyController.php
index 5c5f15a060b0..032ade89cf03 100644
--- a/app/Http/Controllers/CompanyController.php
+++ b/app/Http/Controllers/CompanyController.php
@@ -705,8 +705,25 @@ class CompanyController extends BaseController
 $logo = strlen($company->settings->company_logo) > 5 ? $company->settings->company_logo : 'https://pdf.invoicing.co/favicon-v2.png';
 $headers = ['Content-Disposition' => 'inline'];
+ try{
+ $response = \Illuminate\Support\Facades\Http::get($logo);
+
+ if ($response->successful()) {
+ $logo = $response->body();
+ }
+ else {
+ $logo = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=');
+ }
+
+ }
+ catch(\Exception $e){
+
+ $logo = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=');
+
+ }
+
 return response()->streamDownload(function () use ($logo) {
- echo @file_get_contents($logo);
+ echo $logo;
 }, 'logo.png', $headers);
 }
diff --git a/app/Http/Controllers/DocumentController.php b/app/Http/Controllers/DocumentController.php
index 20479e552dfb..6b76ce25c3e7 100644
--- a/app/Http/Controllers/DocumentController.php
+++ b/app/Http/Controllers/DocumentController.php
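Review bot: The server-side fetch of `$company->settings->company_logo` through `Http::get($logo)` has no timeout and no check on what comes back, so whatever a remote host answers is echoed to the browser as `logo.png`; the old `@file_get_contents($logo)` had the same shape, and this commit narrows it to http(s) but does not bound it. I would cap the request, `$response = \Illuminate\Support\Facades\Http::timeout(5)->get($logo);`, and only take the body when the reply is an image, `if ($response->successful() && str_starts_with((string) $response->header('Content-Type'), 'image/')) {`, keeping the placeholder for every other case. Because the URL is operator-supplied, the place that validates `company_logo` (UpdateCompanyRequest in this same patch) is where scheme and host restrictions belong; the controller should not be the only guard. The one-pixel PNG literal is repeated in the `else` and `catch` branches and would be easier to keep in sync as a single class constant. The enclosing method starts before the hunk.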
@@ -121,7 +121,8 @@ class DocumentController extends BaseController
 }
 return response()->streamDownload(function () use ($document) {
- echo file_get_contents($document->generateUrl());
+ // echo file_get_contents($document->generateUrl());
+ echo $document->getFile();
 }, basename($document->generateUrl()), $headers);
 }
diff --git a/app/Http/Requests/Company/UpdateCompanyRequest.php b/app/Http/Requests/Company/UpdateCompanyRequest.php
index da5395e9410c..e53dade24d1f 100644
--- a/app/Http/Requests/Company/UpdateCompanyRequest.php
+++ b/app/Http/Requests/Company/UpdateCompanyRequest.php
@@ -137,9 +137,12 @@ class UpdateCompanyRequest extends Request
 }
 if (isset($settings['email_style_custom'])) {
- $settings['email_style_custom'] = str_replace(['{!!','!!}','{{','}}','@if(','@endif','@isset','@unless','@auth','@empty','@guest','@env','@section','@switch', '@foreach', '@while', '@include', '@each', '@once', '@push', '@use', '@forelse', '@verbatim', ' 2)
+ $settings['company_logo'] = $this->forceScheme($settings['company_logo']);
+
 if (! $account->isFreeHostedClient()) {
 return $settings;
 }
@@ -164,4 +167,9 @@ class UpdateCompanyRequest extends Request
 return rtrim($url, '/');
 }
+
+ private function forceScheme($url){
+ return stripos($url, 'http') !== false ? $url : "https://{$url}";
+ }
+
 }
diff --git a/app/Jobs/Company/CompanyImport.php b/app/Jobs/Company/CompanyImport.php
index e1249a67277f..ca36cecf5911 100644
--- a/app/Jobs/Company/CompanyImport.php
+++ b/app/Jobs/Company/CompanyImport.php
@@ -215,6 +215,14 @@ class CompanyImport implements ShouldQueue
 "convert_rate_to_client",
 ];
+ private array $protected_input = [
+ 'client_portal_privacy_policy',
+ 'client_portal_terms',
+ 'portal_custom_footer',
+ 'portal_custom_css',
+ 'portal_custom_head'
+ ];
+
 private array $version_keys = [
 'baseline' => [],
 '5.7.35' => [
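Review bot: The commented-out `// echo file_get_contents($document->generateUrl());` should be deleted rather than kept next to its replacement; git history already records it. `$document->getFile()` presumably returns the stored bytes, which I cannot confirm from this hunk; if it can yield `null` or `false` for a missing file the stream silently sends an empty body, which is the same failure mode the old call had and is worth an explicit 404 instead. The enclosing method starts before the hunk.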
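Review bot: `stripos($url, 'http') !== false` in `forceScheme` tests for the substring anywhere in the value rather than for a scheme, so a host-only value whose path happens to contain the letters `http` is returned without one, while any non-http scheme is also passed through untouched. Anchor the test and type the method: `private function forceScheme(string $url): string`, `return preg_match('~^https?://~i', $url) === 1 ? $url : "https://{$url}";`. The CompanyImport hunk in this patch (`$settings->company_logo = (strlen(...) > 2 && stripos($settings->company_logo, 'http') !== false) ? ...`) repeats the same substring check and should use the same helper or the same anchored test. The first UpdateCompanyRequest hunk (at line 137) is partly truncated in this rendering, so I have not reviewed its `str_replace` list.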
@@ -475,9 +483,17 @@ class CompanyImport implements ShouldQueue
 $settings->payment_number_counter = 1;
 $settings->project_number_counter = 1;
 $settings->purchase_order_number_counter = 1;
- $this->company->settings = $co->settings;
- $this->company->saveSettings($co->settings, $this->company);
+ $settings->email_style_custom = str_replace(['{!!','!!}','{{','}}','@dd', '@dump', '@if', '@if(','@endif','@isset','@unless','@auth','@empty','@guest','@env','@section','@switch', '@foreach', '@while', '@include', '@each', '@once', '@push', '@use', '@forelse', '@verbatim', 'email_style_custom);
+ $settings->company_logo = (strlen($settings->company_logo) > 2 && stripos($settings->company_logo, 'http') !== false) ? $settings->company_logo : "https://{$settings->company_logo}";
+
+ foreach($this->protected_input as $protected_var)
+ {
+ $settings->{$protected_var} = str_replace("script", "", $settings->{$protected_var});
+ }
+
+ // $this->company->settings = $co->settings;
+ $this->company->saveSettings($settings, $this->company);
 $this->company->save();
diff --git a/app/Models/Presenters/CompanyPresenter.php b/app/Models/Presenters/CompanyPresenter.php
index 1a86bc81d5de..085fc2806dd9 100644
--- a/app/Models/Presenters/CompanyPresenter.php
+++ b/app/Models/Presenters/CompanyPresenter.php
@@ -88,7 +88,6 @@ class CompanyPresenter extends EntityPresenter
 return "data:image/png;base64, ". base64_encode(@file_get_contents(url('') . $settings->company_logo, false, stream_context_create($context_options)));
 } else {
 return "";
- //return "data:image/png;base64, ". base64_encode(@file_get_contents(asset('images/new_logo.png'), false, stream_context_create($context_options)));
 }
 }
diff --git a/app/Utils/Traits/MakesInvoiceHtml.php b/app/Utils/Traits/MakesInvoiceHtml.php
index 63fc06e73420..33868b0a3d70 100644
--- a/app/Utils/Traits/MakesInvoiceHtml.php
+++ b/app/Utils/Traits/MakesInvoiceHtml.php
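Review bot: `str_replace("script", "", $settings->{$protected_var})` is not a sanitiser: it is a single, case-sensitive pass over one substring, so it does not reliably neutralise active markup in the five `protected_input` fields, and it does corrupt harmless content (the word `description` becomes `deion`). If the goal is to keep imported portal content from carrying executable markup, either escape these fields at the point of output with `htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` or pass them through an allow-list HTML sanitiser on import; the `email_style_custom` line above (its tail is garbled in this rendering) applies the same denylist idea to Blade directive names in a template that `MakesInvoiceHtml` later hands to `Blade::render`, which is just as brittle and deserves the same treatment. If any of these settings can be unset on an older export, the `null` subject will also raise a deprecation on PHP 8.1+, so a `?? ''` guard is cheap. The `company_logo` scheme test here shares the substring problem raised on `forceScheme` in UpdateCompanyRequest, and the enclosing method starts and ends outside the hunk.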
@@ -44,29 +44,6 @@ trait MakesInvoiceHtml
 return Blade::render($string, $data);
 //potential fix for removing eval()
- // $php = Blade::compileString($string);
-
- // $obLevel = ob_get_level();
- // ob_start();
- // extract($data, EXTR_SKIP);
-
- // try {
- // eval('?'.'>'.$php);
- // } catch (Exception $e) {
- // while (ob_get_level() > $obLevel) {
- // ob_end_clean();
- // }
-
- // throw $e;
- // } catch (Throwable $e) {
- // while (ob_get_level() > $obLevel) {
- // ob_end_clean();
- // }
-
- // throw new \Exception($e->getMessage());
- // }
-
- // return ob_get_clean();
 }
 /*