diff --git a/app/Helpers/Attachments/AttachmentHelper.php b/app/Helpers/Attachments/AttachmentHelper.php
index cbb6656967..375f5ec915 100644
--- a/app/Helpers/Attachments/AttachmentHelper.php
+++ b/app/Helpers/Attachments/AttachmentHelper.php
@@ -59,7 +59,7 @@ class AttachmentHelper implements AttachmentHelperInterface
 */
 public function getAttachmentLocation(Attachment $attachment): string
 {
- $path = sprintf('%s%sat-%d.data', storage_path('upload'), DIRECTORY_SEPARATOR, $attachment->id);
+ $path = sprintf('%s%sat-%d.data', storage_path('upload'), DIRECTORY_SEPARATOR, intval($attachment->id));
 return $path;
 }
diff --git a/app/Http/Controllers/ImportController.php b/app/Http/Controllers/ImportController.php
index 7024bf46b8..877c9ab084 100644
--- a/app/Http/Controllers/ImportController.php
+++ b/app/Http/Controllers/ImportController.php
@@ -416,17 +416,24 @@ class ImportController extends Controller
 * @param ImportJob $job
 *
 * @return SetupInterface
+ * @throws FireflyException
 */
 private function makeImporter(ImportJob $job): SetupInterface
 {
 // create proper importer (depends on job)
- $type = $job->file_type;
+ $type = strtolower($job->file_type);
- /** @var SetupInterface $importer */
- $importer = app('FireflyIII\Import\Setup\\' . ucfirst($type) . 'Setup');
- $importer->setJob($job);
+ // validate type:
+ $validTypes = array_keys('firefly.import_formats');
- return $importer;
+ if (in_array($type, $validTypes)) {
+ /** @var SetupInterface $importer */
+ $importer = app('FireflyIII\Import\Setup\\' . ucfirst($type) . 'Setup');
+ $importer->setJob($job);
+
+ return $importer;
+ }
+ throw new FireflyException(sprintf('"%s" is not a valid file type', $type));
 }
diff --git a/app/Import/Importer/CsvImporter.php b/app/Import/Importer/CsvImporter.php
index e377b9baa7..f356c25e47 100644
--- a/app/Import/Importer/CsvImporter.php
+++ b/app/Import/Importer/CsvImporter.php
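Review bot: In `makeImporter`, `array_keys('firefly.import_formats')` receives the config key as a string literal rather than the configured array, so `$validTypes` never contains the allowed formats. Depending on the PHP version and the strict_types setting this either raises a TypeError or hands `in_array` a non-array, so the allow-list fails on every job, valid ones included. The line should read `$validTypes = array_keys(config('firefly.import_formats'));`, the form the `$validColumns` check in CsvSetup already uses. The same literal-string call is in the CsvImporter hunk (`array_keys('csv.import_roles')`) and in the last CsvSetup hunk (`array_keys('csv.import_specifics')`).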
@@ -11,6 +11,7 @@ declare(strict_types = 1);
 namespace FireflyIII\Import\Importer;
+use FireflyIII\Exceptions\FireflyException;
 use FireflyIII\Import\Converter\ConverterInterface;
 use FireflyIII\Import\ImportEntry;
 use FireflyIII\Import\Specifics\SpecificInterface;
@@ -120,8 +121,14 @@ class CsvImporter implements ImporterInterface
 foreach ($row as $rowIndex => $value) {
 // find the role for this column:
- $role = $config['column-roles'][$rowIndex] ?? '_ignore';
- $doMap = $config['column-do-mapping'][$rowIndex] ?? false;
+ $role = $config['column-roles'][$rowIndex] ?? '_ignore';
+ $doMap = $config['column-do-mapping'][$rowIndex] ?? false;
+ $validConverters = array_keys('csv.import_roles');
+
+ // throw error when not a valid converter.
+ if (!in_array($role, $validConverters)) {
+ throw new FireflyException(sprintf('"%s" is not a valid role.', $role));
+ }
 $converterClass = config('csv.import_roles.' . $role . '.converter');
 $mapping = $config['column-mapping-config'][$rowIndex] ?? [];
 $className = sprintf('FireflyIII\\Import\\Converter\\%s', $converterClass);
diff --git a/app/Import/Setup/CsvSetup.php b/app/Import/Setup/CsvSetup.php
index e5f6e6ca6f..50b5d1274b 100644
--- a/app/Import/Setup/CsvSetup.php
+++ b/app/Import/Setup/CsvSetup.php
@@ -14,6 +14,7 @@ namespace FireflyIII\Import\Setup;
 use ExpandedForm;
 use FireflyIII\Crud\Account\AccountCrud;
+use FireflyIII\Exceptions\FireflyException;
 use FireflyIII\Import\Mapper\MapperInterface;
 use FireflyIII\Import\MapperPreProcess\PreProcessorInterface;
 use FireflyIII\Import\Specifics\SpecificInterface;
@@ -326,6 +327,7 @@ class CsvSetup implements SetupInterface
 /**
 * @return array
+ * @throws FireflyException
 */
 private function getDataForColumnMapping(): array
 {
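Review bot: In the CsvImporter hunk the role allow-list is rebuilt and checked inside `foreach ($row as $rowIndex => $value)`, once per cell, although it depends on neither the row nor the column. Building it once before the loops and keeping only `if (!in_array($role, $validConverters, true)) {` inside would make the check cheaper and, with the strict flag, exact. Rows without a configured role fall back to `'_ignore'`, which therefore has to be a key of `csv.import_roles`; that config is not visible here, so it is worth confirming. The enclosing method starts and ends outside the hunk.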
@@ -335,11 +337,19 @@ class CsvSetup implements SetupInterface
 foreach ($config['column-do-mapping'] as $index => $mustBeMapped) {
 if ($mustBeMapped) {
- $column = $config['column-roles'][$index] ?? '_ignore';
+ $column = $config['column-roles'][$index] ?? '_ignore';
+
+ // is valid column?
+ $validColumns = array_keys(config('csv.import_roles'));
+ if (!in_array($column, $validColumns)) {
+ throw new FireflyException(sprintf('"%s" is not a valid column.', $column));
+ }
+
 $canBeMapped = config('csv.import_roles.' . $column . '.mappable');
 $preProcessMap = config('csv.import_roles.' . $column . '.pre-process-map');
 if ($canBeMapped) {
- $mapperName = '\FireflyIII\Import\Mapper\\' . config('csv.import_roles.' . $column . '.mapper');
+ $mapperClass = config('csv.import_roles.' . $column . '.mapper');
+ $mapperName = sprintf('\\FireflyIII\\Import\Mapper\\%s', $mapperClass);
 /** @var MapperInterface $mapper */
 $mapper = new $mapperName;
 $indexes[] = $index;
@@ -352,8 +362,11 @@ class CsvSetup implements SetupInterface
 'values' => [],
 ];
 if ($preProcessMap) {
- $data[$index]['preProcessMap'] = '\FireflyIII\Import\MapperPreProcess\\' .
- config('csv.import_roles.' . $column . '.pre-process-mapper');
+ $preClass = sprintf(
+ '\\FireflyIII\\Import\\MapperPreProcess\\%s',
+ config('csv.import_roles.' . $column . '.pre-process-mapper')
+ );
+ $data[$index]['preProcessMap'] = $preClass;
 }
 }
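Review bot: The allow-list test `in_array($column, $validColumns)` in the first hunk compares loosely, so a non-string value in `$config['column-roles']` (a boolean or integer from a decoded job configuration, for instance) can compare equal to a role name without being one. Writing it as `if (!in_array($column, $validColumns, true)) {` accepts only an exact key of `csv.import_roles` before `$column` is concatenated into the config path that selects the mapper class. `$validColumns` does not change between iterations and could be computed once above the `foreach`. The method body continues outside the hunk.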
@@ -365,15 +378,21 @@ class CsvSetup implements SetupInterface
 /** @var Reader $reader */
 $reader = Reader::createFromString($content);
 $reader->setDelimiter($config['delimiter']);
- $results = $reader->fetch();
+ $results = $reader->fetch();
+ $validSpecifics = array_keys('csv.import_specifics');
 foreach ($results as $rowIndex => $row) {
 // run specifics here:
 // and this is the point where the specifix go to work.
 foreach ($config['specifics'] as $name => $enabled) {
+
+ if (!in_array($name, $validSpecifics)) {
+ throw new FireflyException(sprintf('"%s" is not a valid class name', $name));
+ }
+ $class = config('csv.import_specifics.' . $name);
 /** @var SpecificInterface $specific */
- $specific = app('FireflyIII\Import\Specifics\\' . $name);
+ $specific = app($class);
 // it returns the row, possibly modified:
 $row = $specific->run($row);
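Review bot: The specifics check sits inside `foreach ($results as $rowIndex => $row)`, so it is repeated for every row and is never reached when the file has no rows. Validating the keys of `$config['specifics']` once, before the row loop, and throwing there would reject a bad configuration regardless of the file's content. Within the visible lines `$enabled` is not consulted before `$specific->run($row)`, so an entry that is listed but switched off appears to be validated and run like an enabled one; if that is not intended, `if (!$enabled) { continue; }` at the top of the inner loop would make it explicit. Both loop bodies continue outside the hunk.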