Document - fix stored xss

https://huntr.dev/bounties/99c4ed09-b66f-474a-bd74-eeccf9339fde/
2025-05-24 02:14:21 -04:00 · 2021-11-20 00:17:18 +01:00 · 2021-11-20 00:17:18 +01:00 · 7270d65bda
commit 7270d65bda
parent 2532ec7e76
14 changed files with 14 additions and 14 deletions
--- a/app/Http/Requests/Client/UploadClientRequest.php
+++ b/app/Http/Requests/Client/UploadClientRequest.php
@ -31,7 +31,7 @@ class UploadClientRequest extends Request
    	$rules = [];

 		if($this->input('documents'))
-            $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';
+            $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';

    	return $rules;

--- a/app/Http/Requests/Credit/UploadCreditRequest.php
+++ b/app/Http/Requests/Credit/UploadCreditRequest.php
@ -31,7 +31,7 @@ class UploadCreditRequest extends Request
    	$rules = [];

 		if($this->input('documents'))
-            $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';
+            $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';

    	return $rules;

--- a/app/Http/Requests/Expense/UploadExpenseRequest.php
+++ b/app/Http/Requests/Expense/UploadExpenseRequest.php
@ -31,7 +31,7 @@ class UploadExpenseRequest extends Request
    	$rules = [];

 		if($this->input('documents'))
-            $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';
+            $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';

    	return $rules;

--- a/app/Http/Requests/GroupSetting/UploadGroupSettingRequest.php
+++ b/app/Http/Requests/GroupSetting/UploadGroupSettingRequest.php
@ -31,7 +31,7 @@ class UploadGroupSettingRequest extends Request
    	$rules = [];

 		if($this->input('documents'))
-            $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';
+            $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';

    	return $rules;

--- a/app/Http/Requests/Invoice/UploadInvoiceRequest.php
+++ b/app/Http/Requests/Invoice/UploadInvoiceRequest.php
@ -31,7 +31,7 @@ class UploadInvoiceRequest extends Request
    	$rules = [];

 		if($this->input('documents'))
-            $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';
+            $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';

    	return $rules;

--- a/app/Http/Requests/Payment/UploadPaymentRequest.php
+++ b/app/Http/Requests/Payment/UploadPaymentRequest.php
@ -31,7 +31,7 @@ class UploadPaymentRequest extends Request
    	$rules = [];

 		if($this->input('documents'))
-            $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';
+            $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';

    	return $rules;

--- a/app/Http/Requests/Product/UploadProductRequest.php
+++ b/app/Http/Requests/Product/UploadProductRequest.php
@ -31,7 +31,7 @@ class UploadProductRequest extends Request
    	$rules = [];

 		if($this->input('documents'))
-            $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';
+            $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';

    	return $rules;

--- a/app/Http/Requests/Project/UploadProjectRequest.php
+++ b/app/Http/Requests/Project/UploadProjectRequest.php
@ -31,7 +31,7 @@ class UploadProjectRequest extends Request
    	$rules = [];

 		if($this->input('documents'))
-            $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';
+            $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';

    	return $rules;

--- a/app/Http/Requests/Quote/UploadQuoteRequest.php
+++ b/app/Http/Requests/Quote/UploadQuoteRequest.php
@ -31,7 +31,7 @@ class UploadQuoteRequest extends Request
    	$rules = [];

 		if($this->input('documents'))
-            $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';
+            $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';

    	return $rules;

--- a/app/Http/Requests/RecurringExpense/UploadRecurringExpenseRequest.php
+++ b/app/Http/Requests/RecurringExpense/UploadRecurringExpenseRequest.php
@ -31,7 +31,7 @@ class UploadRecurringExpenseRequest extends Request
    	$rules = [];

 		if($this->input('documents'))
-            $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';
+            $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';

    	return $rules;

--- a/app/Http/Requests/RecurringInvoice/UploadRecurringInvoiceRequest.php
+++ b/app/Http/Requests/RecurringInvoice/UploadRecurringInvoiceRequest.php
@ -31,7 +31,7 @@ class UploadRecurringInvoiceRequest extends Request
    	$rules = [];

 		if($this->input('documents'))
-            $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';
+            $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';

    	return $rules;

--- a/app/Http/Requests/RecurringQuote/UploadRecurringQuoteRequest.php
+++ b/app/Http/Requests/RecurringQuote/UploadRecurringQuoteRequest.php
@ -31,7 +31,7 @@ class UploadRecurringQuoteRequest extends Request
    	$rules = [];

 		if($this->input('documents'))
-            $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';
+            $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';

    	return $rules;

--- a/app/Http/Requests/Task/UploadTaskRequest.php
+++ b/app/Http/Requests/Task/UploadTaskRequest.php
@ -31,7 +31,7 @@ class UploadTaskRequest extends Request
    	$rules = [];

 		if($this->input('documents'))
-            $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';
+            $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';

    	return $rules;

--- a/app/Http/Requests/Vendor/UploadVendorRequest.php
+++ b/app/Http/Requests/Vendor/UploadVendorRequest.php
@ -31,7 +31,7 @@ class UploadVendorRequest extends Request
    	$rules = [];

 		if($this->input('documents'))
-            $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';
+            $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000';

    	return $rules;