validate import sheet name

app/Http/Controllers/Expenses/Bills.php

@@ -275,9 +275,21 @@ class Bills extends Controller
     {
         $success = true;
 
+        $allowed_sheets = ['bills', 'bill_items', 'bill_histories', 'bill_payments', 'bill_totals'];
+
         // Loop through all sheets
-        $import->each(function ($sheet) use (&$success) {
+        $import->each(function ($sheet) use (&$success, $allowed_sheets) {
-            $slug = 'Expense\\' . str_singular(studly_case($sheet->getTitle()));
+            $sheet_title = $sheet->getTitle();
+
+            if (!in_array($sheet_title, $allowed_sheets)) {
+                $message = trans('messages.error.import_sheet');
+
+                flash($message)->error()->important();
+
+                return false;
+            }
+
+            $slug = 'Expense\\' . str_singular(studly_case($sheet_title));
 
             if (!$success = Import::createFromSheet($sheet, $slug)) {
                 return false;

app/Http/Controllers/Incomes/Invoices.php

@@ -296,9 +296,21 @@ class Invoices extends Controller
     {
         $success = true;
 
+        $allowed_sheets = ['invoices', 'invoice_items', 'invoice_histories', 'invoice_payments', 'invoice_totals'];
+
         // Loop through all sheets
-        $import->each(function ($sheet) use (&$success) {
+        $import->each(function ($sheet) use (&$success, $allowed_sheets) {
-            $slug = 'Income\\' . str_singular(studly_case($sheet->getTitle()));
+            $sheet_title = $sheet->getTitle();
+
+            if (!in_array($sheet_title, $allowed_sheets)) {
+                $message = trans('messages.error.import_sheet');
+
+                flash($message)->error()->important();
+
+                return false;
+            }
+
+            $slug = 'Income\\' . str_singular(studly_case($sheet_title));
 
             if (!$success = Import::createFromSheet($sheet, $slug)) {
                 return false;

app/Utilities/Import.php

@@ -13,6 +13,14 @@ class Import
 
         // Loop through all sheets
         $import->each(function ($sheet) use (&$success, $slug) {
+            if (!static::isValidSheetName($sheet, $slug)) {
+                $message = trans('messages.error.import_sheet');
+
+                flash($message)->error()->important();
+
+                return false;
+            }
+
             if (!$success = static::createFromSheet($sheet, $slug)) {
                 return false;
             }
@@ -46,7 +54,7 @@ class Import
 
                 $model::create($data);
             } catch (ValidationException $e) {
-                $message = trans('messages.error.import_failed', [
+                $message = trans('messages.error.import_column', [
                     'message' => $e->validator->errors()->first(),
                     'sheet' => $sheet->getTitle(),
                     'line' => $index + 2,
@@ -69,4 +77,18 @@ class Import
         return $success;
     }
 
+    public static function isValidSheetName($sheet, $slug)
+    {
+        $t = explode('\\', $slug);
+
+        if (empty($t[1])) {
+            return false;
+        }
+
+        if ($sheet->getTitle() != str_plural(snake_case($t[1]))) {
+            return false;
+        }
+
+        return true;
+    }
 }

resources/lang/en-GB/messages.php

@@ -18,7 +18,8 @@ return [
         'no_file'           => 'Error: No file selected!',
         'last_category'     => 'Error: Can not delete the last :type category!',
         'invalid_token'     => 'Error: The token entered is invalid!',
-        'import_failed'     => 'Error: :message Sheet name: :sheet. Line number: :line.',
+        'import_column'     => 'Error: :message Sheet name: :sheet. Line number: :line.',
+        'import_sheet'      => 'Error: Sheet name is not valid. Please, check the sample file.',
     ],
     'warning' => [
         'deleted'           => 'Warning: You are not allowed to delete <b>:name</b> because it has :text related.',