diff --git a/Controller/Customer.php b/Controller/Customer.php
index 752d5e9..304de7c 100755
--- a/Controller/Customer.php
+++ b/Controller/Customer.php
@@ -129,6 +129,7 @@ public function Account(Request $request)
 
         // Profile upload validation
         $validMimeType = ['image/jpeg', 'image/png', 'image/jpg'];
+
         if (isset($dataFiles['profileImage'])) {
             if (!in_array($dataFiles['profileImage']->getMimeType(), $validMimeType)) {
                 $this->addFlash('warning', $this->translator->trans('Error ! Profile image is not valid, please upload a valid format'));
@@ -136,6 +137,13 @@ public function Account(Request $request)
             }
         }
 
+        if (isset($dataFiles['profileImage'])) {
+            if (strpos($dataFiles['profileImage']->getClientOriginalName(), '.php') !== false) {
+                $this->addFlash('warning', $this->translator->trans('Error ! Profile image is not valid, please upload a valid format'));
+                return $this->redirect($this->generateUrl('helpdesk_customer_account'));
+            }
+        }
+
         $checkUser = $em->getRepository(CoreEntites\User::class)->findOneBy(array('email'=>$data['email']));
         $errorFlag = 0;
 
diff --git a/Controller/Website.php b/Controller/Website.php
index 5fa064d..a6f7fab 100644
--- a/Controller/Website.php
+++ b/Controller/Website.php
@@ -136,6 +136,9 @@ public function viewFolder(Request $request)
         if(!$solution)
             $this->noResultFound();
 
+        if ($solution->getVisibility() == 'private')
+            return $this->redirect($this->generateUrl('helpdesk_knowledgebase'));
+
         $breadcrumbs = [
             [
                 'label' => $this->translator->trans('Support Center'),
@@ -183,6 +186,9 @@ public function viewFolderArticle(Request $request)
 
         if(!$solution)
             $this->noResultFound();
+
+        if ($solution->getVisibility() == 'private')
+            return $this->redirect($this->generateUrl('helpdesk_knowledgebase'));
 
         $breadcrumbs = [
             [
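Review bot: The new filename check in the second Customer.php hunk is a case-sensitive substring denylist (`strpos(..., '.php') !== false`) on a client-supplied name, so it does not cover other server-executable extensions or upper-case spellings, and it duplicates the `isset($dataFiles['profileImage'])` guard of the MIME block directly above it. Prefer an allowlist on the normalized extension folded into the existing block, e.g. `$ext = strtolower(pathinfo($dataFiles['profileImage']->getClientOriginalName(), PATHINFO_EXTENSION));` followed by `if (!in_array($ext, ['jpg', 'jpeg', 'png'], true)) { … same flash and redirect … }`. The code that stores the upload is outside the hunk; if the file is saved under its original name, deriving the stored name from the validated MIME type (`guessExtension()`) plus a generated basename removes the dependence on the client name altogether. `Account()` starts and ends outside the hunk.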
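Review bot: The visibility check added in `viewFolder` uses loose comparison against a string, and the second Website.php hunk repeats the same pattern in `viewFolderArticle`; use strict comparison so a non-string return value cannot match by coercion, `if ($solution->getVisibility() === 'private')`. If `getVisibility()` can return values other than `'public'` and `'private'` (not visible from the hunk), inverting the test to `!== 'public'` fails closed instead of open. The redirect is silent, whereas the Customer.php hunks pair each redirect with `addFlash`; a short warning would tell the visitor why they landed on the knowledge base index. Only the two detail routes are guarded here; whether listing or search actions in this controller also exclude private solutions cannot be seen from the hunk and is worth confirming. `viewFolder()` starts and ends outside the hunk.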