From e5c41d7b4a8b78fe1586986c919c308d1938af0c Mon Sep 17 00:00:00 2001
From: Hillel Coren
Date: Thu, 27 Apr 2017 11:34:00 +0300
Subject: [PATCH] Check imported file type
---
 app/Http/Controllers/ImportController.php | 14 ++++++++++++--
 resources/lang/en/texts.php | 1 +
 resources/views/accounts/import_export.blade.php | 4 ----
 3 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/app/Http/Controllers/ImportController.php b/app/Http/Controllers/ImportController.php
index 49618a7abc72..1abd269387b8 100644
--- a/app/Http/Controllers/ImportController.php
+++ b/app/Http/Controllers/ImportController.php
@@ -37,8 +37,18 @@ class ImportController extends BaseController
 $destinationPath = storage_path() . '/import';
 $extension = $file->getClientOriginalExtension();
- if (! in_array($extension, ['csv', 'xls', 'xlsx', 'json'])) {
- continue;
+ if ($source === IMPORT_CSV) {
+ if ($extension != 'csv') {
+ return redirect()->to('/settings/' . ACCOUNT_IMPORT_EXPORT)->withError(trans('texts.invalid_file'));
+ }
+ } elseif ($source === IMPORT_JSON) {
+ if ($extension != 'json') {
+ return redirect()->to('/settings/' . ACCOUNT_IMPORT_EXPORT)->withError(trans('texts.invalid_file'));
+ }
+ } else {
+ if (! in_array($extension, ['csv', 'xls', 'xlsx', 'json'])) {
+ return redirect()->to('/settings/' . ACCOUNT_IMPORT_EXPORT)->withError(trans('texts.invalid_file'));
+ }
 }
 $newFileName = sprintf('%s_%s_%s.%s', Auth::user()->account_id, $timestamp, $fileName, $extension);
diff --git a/resources/lang/en/texts.php b/resources/lang/en/texts.php
index de34898f48aa..af1428ffa49e 100644
--- a/resources/lang/en/texts.php
+++ b/resources/lang/en/texts.php
@@ -2488,6 +2488,7 @@ $LANG = array(
 'invoice_variables' => 'Invoice Variables',
 'navigation_variables' => 'Navigation Variables',
 'custom_variables' => 'Custom Variables',
+ 'invalid_file' => 'Invalid file type',
 );
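Review bot: The file-type check added in the ImportController.php hunk compares `getClientOriginalExtension()` case-sensitively with loose `!=`, so the value being validated is whatever the client put in the file name and `DATA.CSV` is rejected while file content is never looked at. Because `$extension` is reused in `$newFileName`, lower-casing it once and testing it against a per-source allow-list with strict `in_array(..., true)` keeps the stored name constrained and collapses the three identical redirects into one. The `return` replaces a `continue`, so this presumably runs inside a loop that starts outside the hunk; files already moved to `storage/import` by earlier iterations would then be left behind on rejection, which is worth confirming. The enclosing method begins and ends outside the hunk.

```php
// … unchanged: $destinationPath = storage_path() . '/import'; …
$extension = strtolower($file->getClientOriginalExtension());

// One allow-list per import source; other sources keep the general list.
if ($source === IMPORT_CSV) {
    $allowed = ['csv'];
} elseif ($source === IMPORT_JSON) {
    $allowed = ['json'];
} else {
    $allowed = ['csv', 'xls', 'xlsx', 'json'];
}

if (! in_array($extension, $allowed, true)) {
    return redirect()->to('/settings/' . ACCOUNT_IMPORT_EXPORT)->withError(trans('texts.invalid_file'));
}
// … unchanged: $newFileName = sprintf(...) …
```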
diff --git a/resources/views/accounts/import_export.blade.php b/resources/views/accounts/import_export.blade.php
index 512b1d4156ef..76f936ccd81a 100644
--- a/resources/views/accounts/import_export.blade.php
+++ b/resources/views/accounts/import_export.blade.php
@@ -40,10 +40,6 @@