From e7c7a472c12950d6276c3e802bde87f1e0c1945b Mon Sep 17 00:00:00 2001
From: denisdulici
Date: Wed, 27 Jun 2018 17:01:26 +0300
Subject: [PATCH] validate import sheet name

---
 app/Http/Controllers/Expenses/Bills.php   | 16 +++++++++++++--
 app/Http/Controllers/Incomes/Invoices.php | 16 +++++++++++++--
 app/Utilities/Import.php                  | 24 ++++++++++++++++++++++-
 resources/lang/en-GB/messages.php         |  3 ++-
 4 files changed, 53 insertions(+), 6 deletions(-)

diff --git a/app/Http/Controllers/Expenses/Bills.php b/app/Http/Controllers/Expenses/Bills.php
index 62c3745cf..89bb9c922 100644
--- a/app/Http/Controllers/Expenses/Bills.php
+++ b/app/Http/Controllers/Expenses/Bills.php
@@ -275,9 +275,21 @@ class Bills extends Controller
     {
         $success = true;
 
+        $allowed_sheets = ['bills', 'bill_items', 'bill_histories', 'bill_payments', 'bill_totals'];
+
         // Loop through all sheets
-        $import->each(function ($sheet) use (&$success) {
-            $slug = 'Expense\\' . str_singular(studly_case($sheet->getTitle()));
+        $import->each(function ($sheet) use (&$success, $allowed_sheets) {
+            $sheet_title = $sheet->getTitle();
+
+            if (!in_array($sheet_title, $allowed_sheets)) {
+                $message = trans('messages.error.import_sheet');
+
+                flash($message)->error()->important();
+
+                return false;
+            }
+
+            $slug = 'Expense\\' . str_singular(studly_case($sheet_title));
 
             if (!$success = Import::createFromSheet($sheet, $slug)) {
                 return false;
diff --git a/app/Http/Controllers/Incomes/Invoices.php b/app/Http/Controllers/Incomes/Invoices.php
index 44aaed700..82ae135f5 100644
--- a/app/Http/Controllers/Incomes/Invoices.php
+++ b/app/Http/Controllers/Incomes/Invoices.php
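Review bot: The allowlist branch returns `false` from the closure without setting `$success = false`, so when a sheet title is rejected `$success` keeps the value from the previous iteration (initially `true`) and the code after `each()` — outside this hunk, as is the enclosing method's signature — will treat the aborted import as successful despite the flashed error; add `$success = false;` before the `return false;` in that branch. The same pattern appears in the Invoices.php hunk and in the `createFromFile` hunk of Import.php. `in_array($sheet_title, $allowed_sheets)` should pass `true` as its third argument so the comparison is strict: the title comes from the uploaded workbook and decides which `Expense\` model class receives `create()`, so this allowlist is the check that bounds that choice. Note also that any sheets preceding the rejected one have already been imported when the loop stops, so the caller may prefer to validate every sheet title before importing any.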
@@ -296,9 +296,21 @@ class Invoices extends Controller
     {
         $success = true;
 
+        $allowed_sheets = ['invoices', 'invoice_items', 'invoice_histories', 'invoice_payments', 'invoice_totals'];
+
         // Loop through all sheets
-        $import->each(function ($sheet) use (&$success) {
-            $slug = 'Income\\' . str_singular(studly_case($sheet->getTitle()));
+        $import->each(function ($sheet) use (&$success, $allowed_sheets) {
+            $sheet_title = $sheet->getTitle();
+
+            if (!in_array($sheet_title, $allowed_sheets)) {
+                $message = trans('messages.error.import_sheet');
+
+                flash($message)->error()->important();
+
+                return false;
+            }
+
+            $slug = 'Income\\' . str_singular(studly_case($sheet_title));
 
             if (!$success = Import::createFromSheet($sheet, $slug)) {
                 return false;
diff --git a/app/Utilities/Import.php b/app/Utilities/Import.php
index 8e0367967..8db266ff9 100644
--- a/app/Utilities/Import.php
+++ b/app/Utilities/Import.php
@@ -13,6 +13,14 @@ class Import
 
         // Loop through all sheets
         $import->each(function ($sheet) use (&$success, $slug) {
+            if (!static::isValidSheetName($sheet, $slug)) {
+                $message = trans('messages.error.import_sheet');
+
+                flash($message)->error()->important();
+
+                return false;
+            }
+
             if (!$success = static::createFromSheet($sheet, $slug)) {
                 return false;
             }
@@ -46,7 +54,7 @@ class Import
 
                 $model::create($data);
             } catch (ValidationException $e) {
-                $message = trans('messages.error.import_failed', [
+                $message = trans('messages.error.import_column', [
                     'message' => $e->validator->errors()->first(),
                     'sheet' => $sheet->getTitle(),
                     'line' => $index + 2,
@@ -69,4 +77,18 @@ class Import
         return $success;
     }
 
+    public static function isValidSheetName($sheet, $slug)
+    {
+        $t = explode('\\', $slug);
+
+        if (empty($t[1])) {
+            return false;
+        }
+
+        if ($sheet->getTitle() != str_plural(snake_case($t[1]))) {
+            return false;
+        }
+
+        return true;
+    }
 }
\ No newline at end of file
diff --git a/resources/lang/en-GB/messages.php b/resources/lang/en-GB/messages.php
index 59336a662..4373f6cff 100644
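Review bot: The message key used in the `catch (ValidationException $e)` branch is renamed from `import_failed` to `import_column`, but this commit updates only `resources/lang/en-GB/messages.php`. If other locale files in the project define `import_failed`, they need the new key as well; otherwise `trans()` for those locales falls back to the fallback locale or returns the raw key. The enclosing `createFromSheet` method starts and ends outside this hunk.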
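Review bot: `isValidSheetName` compares the sheet title taken from the uploaded workbook with `!=`, a loose comparison; use `!==`, or collapse both checks into `return $sheet->getTitle() === str_plural(snake_case($t[1]));`, so a title is accepted only when it matches the expected name exactly. The parameters and return value are untyped; `public static function isValidSheetName($sheet, string $slug): bool` states the contract, and a docblock along the lines of `/** Accepts only the sheet whose title is the plural snake_case form of the model segment of $slug (e.g. a slug ending in \Bill expects the sheet "bills"). */` would explain why the slug is split on the backslash. Since the controllers already allowlist the titles and derive `$slug` from them, it is worth a comment here noting that this method is the check that protects direct callers of `createFromFile`, so it should not be relaxed when the controllers change.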
--- a/resources/lang/en-GB/messages.php
+++ b/resources/lang/en-GB/messages.php
@@ -18,7 +18,8 @@ return [
         'no_file' => 'Error: No file selected!',
         'last_category' => 'Error: Can not delete the last :type category!',
         'invalid_token' => 'Error: The token entered is invalid!',
-        'import_failed' => 'Error: :message Sheet name: :sheet. Line number: :line.',
+        'import_column' => 'Error: :message Sheet name: :sheet. Line number: :line.',
+        'import_sheet' => 'Error: Sheet name is not valid. Please, check the sample file.',
     ],
     'warning' => [
         'deleted' => 'Warning: You are not allowed to delete :name because it has :text related.',