mirror of https://github.com/BookStackApp/BookStack.git synced 2025-07-28 17:02:04 +03:00

Merge branch 'master' of git://github.com/webfoersterei/BookStack into webfoersterei-master

Dan Brown
2021-03-14 22:55:30 +00:00
35 changed files with 25 additions and 42 deletions


@ -159,6 +159,6 @@ abstract class Controller extends BaseController
*/
protected function getImageValidationRules(): string
{
return 'image_extension|no_double_extension|mimes:jpeg,png,gif,webp';
return 'image_extension|mimes:jpeg,png,gif,webp';
}
}


@ -18,11 +18,6 @@ class CustomValidationServiceProvider extends ServiceProvider
return in_array(strtolower($value->getClientOriginalExtension()), $validImageExtensions);
});
Validator::extend('no_double_extension', function ($attribute, $value, $parameters, $validator) {
$uploadName = $value->getClientOriginalName();
return substr_count($uploadName, '.') < 2;
});
Validator::extend('safe_url', function ($attribute, $value, $parameters, $validator) {
$cleanLinkName = strtolower(trim($value));
$isJs = strpos($cleanLinkName, 'javascript:') === 0;


@ -60,7 +60,7 @@ class ImageService
int $resizeHeight = null,
bool $keepRatio = true
) {
$imageName = $uploadedFile->getClientOriginalName();
$imageName = $this->sanitizeFileName($uploadedFile->getClientOriginalName());
$imageData = file_get_contents($uploadedFile->getRealPath());
if ($resizeWidth !== null || $resizeHeight !== null) {
@ -426,4 +426,15 @@ class ImageService
$basePath = ($this->storageUrl == false) ? url('/') : $this->storageUrl;
return rtrim($basePath, '/') . $filePath;
}
/**
* Returns a sanitized filename with only one file extension
*/
private function sanitizeFileName(string $fileName): string
{
$parts = explode('.', $fileName);
$extension = array_pop($parts);
return sprintf('%s.%s', implode('-', $parts), $extension);
}
}
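Review bot: `sanitizeFileName` in the second hunk takes the last dot-separated segment as the extension without checking that any stem remains, so a name with no dot comes back as `.name` and a name such as `.png` comes back unchanged; both are dot-files with an empty stem. The `image_extension` rule probably rejects the first case earlier, but `.png` appears to pass it, and this helper now stands in for the removed `no_double_extension` rule, so it should not rely on validation having run. A guard before the `sprintf` would cover both, for example `if (count($parts) < 2) { return $fileName; }` plus a fixed fallback when `implode('-', $parts)` is empty. The docblock could also say that the extension is copied verbatim from the client-supplied name and is constrained only by the validation rule, not by this method. Only the call site in the first hunk is visible here; any other path that stores `getClientOriginalName()` directly would no longer be covered now that the rule is gone.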