X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/1bfd77e7a15cd52b2ccfa221ea90019438c2fbc1..refs/pull/632/head:/app/Http/Controllers/ImageController.php

diff --git a/app/Http/Controllers/ImageController.php b/app/Http/Controllers/ImageController.php
index 81e300a68..e675bff0c 100644
--- a/app/Http/Controllers/ImageController.php
+++ b/app/Http/Controllers/ImageController.php
@@ -1,6 +1,7 @@
 <?php namespace BookStack\Http\Controllers;
 
 use BookStack\Exceptions\ImageUploadException;
+use BookStack\Exceptions\NotFoundException;
 use BookStack\Repos\EntityRepo;
 use BookStack\Repos\ImageRepo;
 use Illuminate\Filesystem\Filesystem as File;
@@ -28,6 +29,21 @@ class ImageController extends Controller
         parent::__construct();
     }
 
+    /**
+     * Provide an image file from storage.
+     * @param string $path
+     * @return mixed
+     */
+    public function showImage(string $path)
+    {
+        $path = storage_path('uploads/images/' . $path);
+        if (!file_exists($path)) {
+            abort(404);
+        }
+
+        return response()->file($path);
+    }
+
     /**
      * Get all images for a specific type, Paginated
      * @param string $type
@@ -104,7 +120,10 @@ class ImageController extends Controller
         $this->validate($request, [
             'file' => 'is_image'
         ]);
-        // TODO - Restrict & validate types
+
+        if (!$this->imageRepo->isValidType($type)) {
+            return $this->jsonError(trans('errors.image_upload_type_error'));
+        }
 
         $imageUpload = $request->file('file');