From 7270d65bda011bd792f15ae376e6b682d62bc362 Mon Sep 17 00:00:00 2001 From: theworstcomrade <4lbercik@gmail.com> Date: Sat, 20 Nov 2021 00:17:18 +0100 Subject: [PATCH] Document - fix stored xss https://huntr.dev/bounties/99c4ed09-b66f-474a-bd74-eeccf9339fde/ --- app/Http/Requests/Client/UploadClientRequest.php | 2 +- app/Http/Requests/Credit/UploadCreditRequest.php | 2 +- app/Http/Requests/Expense/UploadExpenseRequest.php | 2 +- app/Http/Requests/GroupSetting/UploadGroupSettingRequest.php | 2 +- app/Http/Requests/Invoice/UploadInvoiceRequest.php | 2 +- app/Http/Requests/Payment/UploadPaymentRequest.php | 2 +- app/Http/Requests/Product/UploadProductRequest.php | 2 +- app/Http/Requests/Project/UploadProjectRequest.php | 2 +- app/Http/Requests/Quote/UploadQuoteRequest.php | 2 +- .../Requests/RecurringExpense/UploadRecurringExpenseRequest.php | 2 +- .../Requests/RecurringInvoice/UploadRecurringInvoiceRequest.php | 2 +- .../Requests/RecurringQuote/UploadRecurringQuoteRequest.php | 2 +- app/Http/Requests/Task/UploadTaskRequest.php | 2 +- app/Http/Requests/Vendor/UploadVendorRequest.php | 2 +- 14 files changed, 14 insertions(+), 14 deletions(-) diff --git a/app/Http/Requests/Client/UploadClientRequest.php b/app/Http/Requests/Client/UploadClientRequest.php index ac6db347e..b7d66733f 100644 --- a/app/Http/Requests/Client/UploadClientRequest.php +++ b/app/Http/Requests/Client/UploadClientRequest.php @@ -31,7 +31,7 @@ class UploadClientRequest extends Request $rules = []; if($this->input('documents')) - $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; + $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; return $rules; diff --git a/app/Http/Requests/Credit/UploadCreditRequest.php b/app/Http/Requests/Credit/UploadCreditRequest.php index a1abc8dd3..8b3f8d29b 100644 --- a/app/Http/Requests/Credit/UploadCreditRequest.php +++ b/app/Http/Requests/Credit/UploadCreditRequest.php @@ -31,7 +31,7 @@ class UploadCreditRequest extends Request $rules = []; if($this->input('documents')) - $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; + $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; return $rules; diff --git a/app/Http/Requests/Expense/UploadExpenseRequest.php b/app/Http/Requests/Expense/UploadExpenseRequest.php index 3b586b5ae..42f17ed40 100644 --- a/app/Http/Requests/Expense/UploadExpenseRequest.php +++ b/app/Http/Requests/Expense/UploadExpenseRequest.php @@ -31,7 +31,7 @@ class UploadExpenseRequest extends Request $rules = []; if($this->input('documents')) - $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; + $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; return $rules; diff --git a/app/Http/Requests/GroupSetting/UploadGroupSettingRequest.php b/app/Http/Requests/GroupSetting/UploadGroupSettingRequest.php index ba2fb8a3c..0440e2fac 100644 --- a/app/Http/Requests/GroupSetting/UploadGroupSettingRequest.php +++ b/app/Http/Requests/GroupSetting/UploadGroupSettingRequest.php @@ -31,7 +31,7 @@ class UploadGroupSettingRequest extends Request $rules = []; if($this->input('documents')) - $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; + $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; return $rules; diff --git a/app/Http/Requests/Invoice/UploadInvoiceRequest.php b/app/Http/Requests/Invoice/UploadInvoiceRequest.php index 9ae6d76fa..ea908029e 100644 --- a/app/Http/Requests/Invoice/UploadInvoiceRequest.php +++ b/app/Http/Requests/Invoice/UploadInvoiceRequest.php @@ -31,7 +31,7 @@ class UploadInvoiceRequest extends Request $rules = []; if($this->input('documents')) - $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; + $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; return $rules; diff --git a/app/Http/Requests/Payment/UploadPaymentRequest.php b/app/Http/Requests/Payment/UploadPaymentRequest.php index 5e7532f4f..d696c15b2 100644 --- a/app/Http/Requests/Payment/UploadPaymentRequest.php +++ b/app/Http/Requests/Payment/UploadPaymentRequest.php @@ -31,7 +31,7 @@ class UploadPaymentRequest extends Request $rules = []; if($this->input('documents')) - $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; + $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; return $rules; diff --git a/app/Http/Requests/Product/UploadProductRequest.php b/app/Http/Requests/Product/UploadProductRequest.php index 4157e0300..1dd003f54 100644 --- a/app/Http/Requests/Product/UploadProductRequest.php +++ b/app/Http/Requests/Product/UploadProductRequest.php @@ -31,7 +31,7 @@ class UploadProductRequest extends Request $rules = []; if($this->input('documents')) - $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; + $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; return $rules; diff --git a/app/Http/Requests/Project/UploadProjectRequest.php b/app/Http/Requests/Project/UploadProjectRequest.php index 18638e254..fca4a55a7 100644 --- a/app/Http/Requests/Project/UploadProjectRequest.php +++ b/app/Http/Requests/Project/UploadProjectRequest.php @@ -31,7 +31,7 @@ class UploadProjectRequest extends Request $rules = []; if($this->input('documents')) - $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; + $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; return $rules; diff --git a/app/Http/Requests/Quote/UploadQuoteRequest.php b/app/Http/Requests/Quote/UploadQuoteRequest.php index 63d326ea5..7dc7458cb 100644 --- a/app/Http/Requests/Quote/UploadQuoteRequest.php +++ b/app/Http/Requests/Quote/UploadQuoteRequest.php @@ -31,7 +31,7 @@ class UploadQuoteRequest extends Request $rules = []; if($this->input('documents')) - $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; + $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; return $rules; diff --git a/app/Http/Requests/RecurringExpense/UploadRecurringExpenseRequest.php b/app/Http/Requests/RecurringExpense/UploadRecurringExpenseRequest.php index 12f5b1d1d..385554848 100644 --- a/app/Http/Requests/RecurringExpense/UploadRecurringExpenseRequest.php +++ b/app/Http/Requests/RecurringExpense/UploadRecurringExpenseRequest.php @@ -31,7 +31,7 @@ class UploadRecurringExpenseRequest extends Request $rules = []; if($this->input('documents')) - $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; + $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; return $rules; diff --git a/app/Http/Requests/RecurringInvoice/UploadRecurringInvoiceRequest.php b/app/Http/Requests/RecurringInvoice/UploadRecurringInvoiceRequest.php index 42a1bdb39..71a1ebb0b 100644 --- a/app/Http/Requests/RecurringInvoice/UploadRecurringInvoiceRequest.php +++ b/app/Http/Requests/RecurringInvoice/UploadRecurringInvoiceRequest.php @@ -31,7 +31,7 @@ class UploadRecurringInvoiceRequest extends Request $rules = []; if($this->input('documents')) - $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; + $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; return $rules; diff --git a/app/Http/Requests/RecurringQuote/UploadRecurringQuoteRequest.php b/app/Http/Requests/RecurringQuote/UploadRecurringQuoteRequest.php index 7018f6e96..bcd8a1841 100644 --- a/app/Http/Requests/RecurringQuote/UploadRecurringQuoteRequest.php +++ b/app/Http/Requests/RecurringQuote/UploadRecurringQuoteRequest.php @@ -31,7 +31,7 @@ class UploadRecurringQuoteRequest extends Request $rules = []; if($this->input('documents')) - $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; + $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; return $rules; diff --git a/app/Http/Requests/Task/UploadTaskRequest.php b/app/Http/Requests/Task/UploadTaskRequest.php index 791f44b13..fffe22a42 100644 --- a/app/Http/Requests/Task/UploadTaskRequest.php +++ b/app/Http/Requests/Task/UploadTaskRequest.php @@ -31,7 +31,7 @@ class UploadTaskRequest extends Request $rules = []; if($this->input('documents')) - $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; + $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; return $rules; diff --git a/app/Http/Requests/Vendor/UploadVendorRequest.php b/app/Http/Requests/Vendor/UploadVendorRequest.php index 6afb515b7..39bb97241 100644 --- a/app/Http/Requests/Vendor/UploadVendorRequest.php +++ b/app/Http/Requests/Vendor/UploadVendorRequest.php @@ -31,7 +31,7 @@ class UploadVendorRequest extends Request $rules = []; if($this->input('documents')) - $rules['documents'] = 'file|mimes:html,csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; + $rules['documents'] = 'file|mimes:csv,png,ai,jpeg,tiff,pdf,gif,psd,txt,doc,xls,ppt,xlsx,docx,pptx|max:2000000'; return $rules;