Updated showImage file serving to not be traversable

For #3030
2025-08-09 10:22:51 +03:00 · 2021-10-31 23:53:17 +00:00
parent ae155d6745
commit 43830a372f
4 changed files with 84 additions and 14 deletions
--- a/app/Uploads/AttachmentService.php
+++ b/app/Uploads/AttachmentService.php
@@ -27,7 +27,7 @@ class AttachmentService
    /**
     * Get the storage that will be used for storing files.
     */
-    protected function getStorage(): FileSystemInstance
+    protected function getStorageDisk(): FileSystemInstance
    {
        return $this->fileSystem->disk($this->getStorageDiskName());
    }
@@ -70,7 +70,7 @@ class AttachmentService
     */
    public function getAttachmentFromStorage(Attachment $attachment): string
    {
-        return $this->getStorage()->get($this->adjustPathForStorageDisk($attachment->path));
+        return $this->getStorageDisk()->get($this->adjustPathForStorageDisk($attachment->path));
    }

    /**
@@ -195,7 +195,7 @@ class AttachmentService
     */
    protected function deleteFileInStorage(Attachment $attachment)
    {
-        $storage = $this->getStorage();
+        $storage = $this->getStorageDisk();
        $dirPath = $this->adjustPathForStorageDisk(dirname($attachment->path));

        $storage->delete($this->adjustPathForStorageDisk($attachment->path));
@@ -213,7 +213,7 @@ class AttachmentService
    {
        $attachmentData = file_get_contents($uploadedFile->getRealPath());

-        $storage = $this->getStorage();
+        $storage = $this->getStorageDisk();
        $basePath = 'uploads/files/' . date('Y-m-M') . '/';

        $uploadFileName = Str::random(16) . '.' . $uploadedFile->getClientOriginalExtension();