import file validation

Author: callcenter-magnus

protected/components/CSVActiveRecorder.php

@@ -15,9 +15,7 @@ public function __construct(array $data, $model, $additionalParams = [])
     {
 
         $this->model = $model;
-        if (isset($data['filename'])) {
-            chmod($data['filename'], 0777);
-        }
+
 
         $this->translations     = require __DIR__ . '/../../resources/locale/php/en/csv-translate.php';
         $this->data             = $data;
@@ -45,41 +43,46 @@ public function save()
             $this->addError($e->getMessage());
             return false;
         }
-
     }
 
     private function createSQL($tableName)
     {
         $sql = "LOAD DATA LOCAL INFILE '" . $this->data['filename'] . "'" .
-        " INTO TABLE " . $tableName .
-        " CHARACTER SET UTF8 " .
-        " FIELDS TERMINATED BY '" . $this->data['boundaries']['delimiter'] . "'" .
+            " INTO TABLE " . $tableName .
+            " CHARACTER SET UTF8 " .
+            " FIELDS TERMINATED BY '" . $this->data['boundaries']['delimiter'] . "'" .
             " LINES TERMINATED BY '\\r\\n'" .
             " IGNORE 1 LINES";
 
-        $sql .= " (" . implode(",", array_map(
-            function ($v) {
-                return '@' . $v;
-            },
-            array_keys($this->data['columns'])
-        )
+        $sql .= " (" . implode(
+            ",",
+            array_map(
+                function ($v) {
+                    return '@' . $v;
+                },
+                array_keys($this->data['columns'])
+            )
         ) . ")";
 
         $columns = $this->data['columns'];
-        $sql .= " SET " . implode(" ", array_map(
-            function ($v) use ($columns) {
-                return $columns[$v] . " = @" . $v . ", ";
-            },
-            array_keys($this->data["columns"])
-        )
-        );
-        if ($this->data["additionalParams"] > 0) {
-            $sql .= " " . implode(" ", array_map(
-                function ($v) {
-                    return $v['key'] . '= "' . $v['value'] . '",';
+        $sql .= " SET " . implode(
+            " ",
+            array_map(
+                function ($v) use ($columns) {
+                    return $columns[$v] . " = @" . $v . ", ";
                 },
-                $this->additionalParams
+                array_keys($this->data["columns"])
             )
+        );
+        if ($this->data["additionalParams"] > 0) {
+            $sql .= " " . implode(
+                " ",
+                array_map(
+                    function ($v) {
+                        return $v['key'] . '= "' . $v['value'] . '",';
+                    },
+                    $this->additionalParams
+                )
             );
         }
 
@@ -101,10 +104,9 @@ public function translateColumns()
                     $foundTranslation          = true;
                 }
             }
-            if ( ! $foundTranslation) {
+            if (! $foundTranslation) {
                 $resultColumns[$csvColumn] = $csvColumn;
             }
-
         }
         return $resultColumns;
     }

protected/components/Util.php

@@ -296,20 +296,81 @@ public static function calculation_price($buyrate, $duration, $initblock, $incre
         return $ratecost;
     }
 
-    public static function valid_extension($filename, $allowed = [])
+    /**
+     * Validate file extension and real MIME type.
+     *
+     * @param string $tmpPath      Temporary path (ex: $_FILES['file']['tmp_name'])
+     * @param string $originalName Original filename (ex: $_FILES['file']['name'])
+     * @param array  $allowed      Allowed extensions (ex: ['png','jpg','pdf'])
+     * @return array               ['ext' => 'png', 'mime' => 'image/png']
+     */
+    public static function validExtension($tmpPath, $originalName, array $allowed = [])
     {
-        $ext = strtolower(CFileHelper::getExtension($filename));
+        // Extension -> MIME map (only safe/common formats)
+        $mimeMap = [
+            'jpg'  => ['image/jpeg', 'image/pjpeg'],
+            'jpeg' => ['image/jpeg', 'image/pjpeg'],
+            'png'  => ['image/png'],
+            'gif'  => ['image/gif'],
+            'txt'  => ['text/plain'],
+            'csv'  => ['text/csv', 'application/vnd.ms-excel', 'text/plain'],
+            'wav'  => ['audio/wav', 'audio/x-wav', 'audio/wave'],
+            'gsm'  => ['audio/x-gsm'],
+        ];
+
+        // Get extension from original filename
+        $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
+
+        // Block dangerous extensions explicitly
+        $dangerous = ['php', 'phtml', 'phar', 'php5', 'php7', 'php8', 'cgi', 'pl', 'exe', 'sh', 'bash'];
+        if (in_array($ext, $dangerous, true)) {
+            self::jsonError();
+        }
 
-        if (! in_array($ext, $allowed)) {
-            echo json_encode([
-                'success' => false,
-                'errors'  => 'File error',
-            ]);
-            exit;
+        // Check if extension is in the allowed list
+        if (!in_array($ext, $allowed, true)) {
+            self::jsonError();
+        }
+
+        // Check if we have a MIME map for this extension
+        if (!isset($mimeMap[$ext])) {
+            self::jsonError();
+        }
+
+        // Detect real MIME type
+        $finfo = new finfo(FILEINFO_MIME_TYPE);
+        $mime  = $finfo->file($tmpPath) ?: '';
+
+        // Block empty or generic MIME
+        if ($mime === '' || $mime === 'application/octet-stream') {
+            self::jsonError();
+        }
+
+        // Check if real MIME matches the allowed ones for this extension
+        if (!in_array($mime, $mimeMap[$ext], true)) {
+            self::jsonError();
+        }
+
+        // Extra check for images
+        if (in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
+            $img = @getimagesize($tmpPath);
+            if ($img === false) {
+                self::jsonError();
+            }
         }
 
         return $ext;
     }
+
+    private static function jsonError()
+    {
+        echo json_encode([
+            'success' => false,
+            'errors'  => 'File error',
+        ]);
+        Yii::app()->end();
+    }
+
     public static function isJson($string)
     {
         if (!is_string($string)) {

protected/controllers/AuthenticationController.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * =======================================
  * ###################################
@@ -52,7 +53,8 @@ public function actionLogin()
             [
                 'condition' => $condition,
                 'params'    => [':user' => $user, ':pass' => $password],
-            ]);
+            ]
+        );
 
         $loginkey = isset($_POST['loginkey']) ? $_POST['loginkey'] : false;
 
@@ -65,7 +67,7 @@ public function actionLogin()
             $mail->send();
         }
 
-        if ( ! isset($modelUser->id)) {
+        if (! isset($modelUser->id)) {
             Yii::app()->session['logged'] = false;
             echo json_encode([
                 'success' => false,
@@ -145,20 +147,21 @@ public function actionLogin()
                 }
                 Yii::app()->session['googleAuthenticatorKey'] = $ga->getQRCodeGoogleUrl('VoIP-' . $modelUser->username . '-' . $modelUser->id, $secret);
 
-                $modelLogUsers = LogUsers::model()->count('id_user = :key AND ip = :key1 AND description = :key2 AND date > :key3',
+                $modelLogUsers = LogUsers::model()->count(
+                    'id_user = :key AND ip = :key1 AND description = :key2 AND date > :key3',
                     [
                         ':key'  => $modelUser->id,
                         ':key1' => $_SERVER['REMOTE_ADDR'],
                         ':key2' => 'Username Login on the panel - User ' . $modelUser->username,
                         ':key3' => date('Y-m-d'),
-                    ]);
+                    ]
+                );
                 if ($modelLogUsers > 0) {
                     Yii::app()->session['checkGoogleAuthenticator'] = false;
                 } else {
                     Yii::app()->session['checkGoogleAuthenticator'] = true;
                 }
             }
-
         } else {
             Yii::app()->session['showGoogleCode']           = false;
             Yii::app()->session['newGoogleAuthenticator']   = false;
@@ -177,7 +180,6 @@ public function actionLogin()
             'success' => Yii::app()->session['username'],
             'msg'     => Yii::app()->session['name_user'],
         ]);
-
     }
 
     private function mountMenu()
@@ -229,8 +231,10 @@ public function actionCheck()
         if (Yii::app()->session['logged']) {
 
             $this->mountMenu();
-            $modelGroupUserGroup = GroupUserGroup::model()->count('id_group_user = :key',
-                [':key' => Yii::app()->session['id_group']]);
+            $modelGroupUserGroup = GroupUserGroup::model()->count(
+                'id_group_user = :key',
+                [':key' => Yii::app()->session['id_group']]
+            );
 
             $modelGroupUser = GroupUser::model()->findByPk(Yii::app()->session['id_group']);
 
@@ -410,7 +414,6 @@ public function actionGoogleAuthenticator()
             'success' => $sussess,
             'msg'     => Yii::app()->session['name_user'],
         ]);
-
     }
 
     public function actionChangePassword()
@@ -422,18 +425,18 @@ public function actionChangePassword()
         $isClient        = Yii::app()->session['isClient'];
         $errors          = '';
 
-        $modelUser = User::model()->find("id LIKE :id_user AND password LIKE :currentPassword",
+        $modelUser = User::model()->find(
+            "id LIKE :id_user AND password LIKE :currentPassword",
             [
                 ":id_user"         => $id_user,
                 ":currentPassword" => $currentPassword,
-            ]);
+            ]
+        );
 
         if (isset($modelUser->id)) {
-            try
-            {
+            try {
                 $modelUser->password = $newPassword;
                 $passwordChanged     = $modelUser->save();
-
             } catch (Exception $e) {
                 $errors = $this->getErrorMySql($e);
             }
@@ -460,7 +463,7 @@ public function actionImportLogo()
             } else {
                 $uploadfile = $uploaddir . 'logo_custom.png';
             }
-            $typefile = Util::valid_extension($_FILES["logo"]["name"], ['png']);
+            Util::validExtension($_FILES['logo']['tmp_name'], $_FILES["logo"]["name"], ['png']);
 
             move_uploaded_file($_FILES["logo"]["tmp_name"], $uploadfile);
         }
@@ -476,7 +479,7 @@ public function actionImportWallpapers()
         if (isset($_FILES['wallpaper']['tmp_name']) && strlen($_FILES['wallpaper']['tmp_name']) > 3) {
 
             $uploaddir = "resources/images/wallpapers/";
-            $typefile  = Util::valid_extension($_FILES["wallpaper"]["name"], ['jpg']);
+            Util::validExtension($_FILES['wallpaper']['tmp_name'], $_FILES["wallpaper"]["name"], ['jpg']);
 
             $uploadfile = $uploaddir . 'Customization.jpg';
             move_uploaded_file($_FILES["wallpaper"]["tmp_name"], $uploadfile);
@@ -495,7 +498,6 @@ public function actionImportWallpapers()
             'success' => $success,
             'msg'     => $msg,
         ]);
-
     }
 
     public function actionImportLoginBackground()
@@ -505,7 +507,7 @@ public function actionImportLoginBackground()
 
         if (isset($_FILES['loginbackground']['tmp_name']) && strlen($_FILES['loginbackground']['tmp_name']) > 3) {
 
-            $typefile = Util::valid_extension($_FILES["loginbackground"]["name"], ['jpg']);
+            Util::validExtension($_FILES['loginbackground']['tmp_name'], $_FILES["loginbackground"]["name"], ['jpg']);
 
             $uploadfile = 'resources/images/lock-screen-background.jpg';
             try {
@@ -514,17 +516,7 @@ public function actionImportLoginBackground()
                 $msg     = 'Refresh the system to see the new wallpaper';
             } catch (Exception $e) {
             }
-
         }
-
-        $colors = ['black', 'blue', 'gray', 'orange', 'purple', 'red', 'yellow', 'green'];
-        foreach ($colors as $key => $color) {
-            $types = ['crisp', 'neptune', 'triton'];
-            foreach ($types as $key => $type) {
-                copy("/var/www/html/mbilling/resources/images/lock-screen-background.jpg", "/var/www/html/mbilling/$color-$type/resources/images/lock-screen-background.jpg");
-            }
-        }
-
         echo json_encode([
             'success' => $success,
             'msg'     => $msg,
@@ -569,7 +561,6 @@ public function actionForgetPassword()
             'success' => $success,
             'msg'     => $msg,
         ]);
-
     }
 
     public function actionCancelCreditNotification()
@@ -648,11 +639,12 @@ public function checkCaptcha()
                 ]
             );
 
-            $opts = ['http' => [
-                'method'  => 'POST',
-                'header'  => 'Content-type: application/x-www-form-urlencoded',
-                'content' => $post_data,
-            ],
+            $opts = [
+                'http' => [
+                    'method'  => 'POST',
+                    'header'  => 'Content-type: application/x-www-form-urlencoded',
+                    'content' => $post_data,
+                ],
             ];
 
             $context  = stream_context_create($opts);

protected/controllers/CallArchiveController.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Acoes do modulo "Call".
  *
@@ -83,7 +84,7 @@ public function init()
 
         parent::init();
 
-        if ( ! Yii::app()->session['isAdmin']) {
+        if (! Yii::app()->session['isAdmin']) {
             $this->extraValues = [
                 'idUser'   => 'username',
                 'idPlan'   => 'name',
@@ -202,9 +203,7 @@ public function actionDownloadRecord()
 
             $folder = $this->magnusFilesDirectory . 'monitor';
 
-            if ( ! file_exists($folder)) {
-                mkdir($folder, 0777, true);
-            }
+
             array_map('unlink', glob("$folder/*"));
 
             if (count($modelCdr)) {
@@ -282,5 +281,4 @@ public function actionGetTotal()
         $modelCall->totalCall      = number_format($modelCall->sumsessionbill - $modelCall->sumbuycost, 4);
         echo json_encode($modelCall);
     }
-
 }