Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-11-03 22:07:33 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for file_get_contents

Browse Source
This commit is contained in:
David Bomba 2024-05-15 09:29:43 +10:00
parent b7c20de7ec
commit 27f3a54ecf
6 changed files with 47 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
app/Http/Controllers/CompanyController.php
View File

@ -705,8 +705,25 @@ class CompanyController extends BaseController
$logo = strlen($company->settings->company_logo) > 5 ? $company->settings->company_logo : 'https://pdf.invoicing.co/favicon-v2.png'; $logo = strlen($company->settings->company_logo) > 5 ? $company->settings->company_logo : 'https://pdf.invoicing.co/favicon-v2.png';
$headers = ['Content-Disposition' => 'inline']; $headers = ['Content-Disposition' => 'inline'];
try{
$response = \Illuminate\Support\Facades\Http::get($logo);
if ($response->successful()) {
$logo = $response->body();
}
else {
$logo = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=');
}
}
catch(\Exception $e){
$logo = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=');
}
return response()->streamDownload(function () use ($logo) { return response()->streamDownload(function () use ($logo) {
echo @file_get_contents($logo); echo $logo;
}, 'logo.png', $headers); }, 'logo.png', $headers);
} }

3
app/Http/Controllers/DocumentController.php
View File

@ -121,7 +121,8 @@ class DocumentController extends BaseController
} }
return response()->streamDownload(function () use ($document) { return response()->streamDownload(function () use ($document) {
echo file_get_contents($document->generateUrl()); // echo file_get_contents($document->generateUrl());
echo $document->getFile();
}, basename($document->generateUrl()), $headers); }, basename($document->generateUrl()), $headers);
} }

10
app/Http/Requests/Company/UpdateCompanyRequest.php
View File

@ -137,9 +137,12 @@ class UpdateCompanyRequest extends Request
} }
if (isset($settings['email_style_custom'])) { if (isset($settings['email_style_custom'])) {
$settings['email_style_custom'] = str_replace(['{!!','!!}','{{','}}','@if(','@endif','@isset','@unless','@auth','@empty','@guest','@env','@section','@switch', '@foreach', '@while', '@include', '@each', '@once', '@push', '@use', '@forelse', '@verbatim', '<?php', '@php', '@for'], '', $settings['email_style_custom']); $settings['email_style_custom'] = str_replace(['{!!','!!}','{{','}}','@dd', '@dump', '@if', '@if(','@endif','@isset','@unless','@auth','@empty','@guest','@env','@section','@switch', '@foreach', '@while', '@include', '@each', '@once', '@push', '@use', '@forelse', '@verbatim', '<?php', '@php', '@for','@class','</s','<s','html;base64'], '', $settings['email_style_custom']);
} }
if(isset($settings['company_logo']) && strlen($settings['company_logo']) > 2)
$settings['company_logo'] = $this->forceScheme($settings['company_logo']);
if (! $account->isFreeHostedClient()) { if (! $account->isFreeHostedClient()) {
return $settings; return $settings;
} }
@ -164,4 +167,9 @@ class UpdateCompanyRequest extends Request
return rtrim($url, '/'); return rtrim($url, '/');
} }
private function forceScheme($url){
return stripos($url, 'http') !== false ? $url : "https://{$url}";
}
} }

20
app/Jobs/Company/CompanyImport.php
View File

@ -215,6 +215,14 @@ class CompanyImport implements ShouldQueue
"convert_rate_to_client", "convert_rate_to_client",
]; ];
private array $protected_input = [
'client_portal_privacy_policy',
'client_portal_terms',
'portal_custom_footer',
'portal_custom_css',
'portal_custom_head'
];
private array $version_keys = [ private array $version_keys = [
'baseline' => [], 'baseline' => [],
'5.7.35' => [ '5.7.35' => [
@ -475,9 +483,17 @@ class CompanyImport implements ShouldQueue
$settings->payment_number_counter = 1; $settings->payment_number_counter = 1;
$settings->project_number_counter = 1; $settings->project_number_counter = 1;
$settings->purchase_order_number_counter = 1; $settings->purchase_order_number_counter = 1;
$this->company->settings = $co->settings;
$this->company->saveSettings($co->settings, $this->company); $settings->email_style_custom = str_replace(['{!!','!!}','{{','}}','@dd', '@dump', '@if', '@if(','@endif','@isset','@unless','@auth','@empty','@guest','@env','@section','@switch', '@foreach', '@while', '@include', '@each', '@once', '@push', '@use', '@forelse', '@verbatim', '<?php', '@php', '@for','@class','</s','<s','html;base64'], '', $settings->email_style_custom);
$settings->company_logo = (strlen($settings->company_logo) > 2 && stripos($settings->company_logo, 'http') !== false) ? $settings->company_logo : "https://{$settings->company_logo}";
foreach($this->protected_input as $protected_var)
{
$settings->{$protected_var} = str_replace("script", "", $settings->{$protected_var});
}
// $this->company->settings = $co->settings;
$this->company->saveSettings($settings, $this->company);
$this->company->save(); $this->company->save();

1
app/Models/Presenters/CompanyPresenter.php
View File

@ -88,7 +88,6 @@ class CompanyPresenter extends EntityPresenter
return "data:image/png;base64, ". base64_encode(@file_get_contents(url('') . $settings->company_logo, false, stream_context_create($context_options))); return "data:image/png;base64, ". base64_encode(@file_get_contents(url('') . $settings->company_logo, false, stream_context_create($context_options)));
} else { } else {
return "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII="; return "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=";
//return "data:image/png;base64, ". base64_encode(@file_get_contents(asset('images/new_logo.png'), false, stream_context_create($context_options)));
} }
} }

23
app/Utils/Traits/MakesInvoiceHtml.php
View File

@ -44,29 +44,6 @@ trait MakesInvoiceHtml
return Blade::render($string, $data); //potential fix for removing eval() return Blade::render($string, $data); //potential fix for removing eval()
// $php = Blade::compileString($string);
// $obLevel = ob_get_level();
// ob_start();
// extract($data, EXTR_SKIP);
// try {
// eval('?'.'>'.$php);
// } catch (Exception $e) {
// while (ob_get_level() > $obLevel) {
// ob_end_clean();
// }
// throw $e;
// } catch (Throwable $e) {
// while (ob_get_level() > $obLevel) {
// ob_end_clean();
// }
// throw new \Exception($e->getMessage());
// }
// return ob_get_clean();
} }
/* /*