X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/2f6ff0734773c4ac009de699a2661971fd585b22..7d38c96a23f2d9127b4201f5ed80b5d75fefcefb:/app/Http/Controllers/AttachmentController.php diff --git a/app/Http/Controllers/AttachmentController.php b/app/Http/Controllers/AttachmentController.php index 0830693bc..f52143292 100644 --- a/app/Http/Controllers/AttachmentController.php +++ b/app/Http/Controllers/AttachmentController.php @@ -110,7 +110,7 @@ class AttachmentController extends Controller try { $this->validate($request, [ 'attachment_edit_name' => 'required|string|min:1|max:255', - 'attachment_edit_url' => 'string|min:1|max:255' + 'attachment_edit_url' => 'string|min:1|max:255|safe_url' ]); } catch (ValidationException $exception) { return response()->view('attachments.manager-edit-form', array_merge($request->only(['attachment_edit_name', 'attachment_edit_url']), [ @@ -145,7 +145,7 @@ class AttachmentController extends Controller $this->validate($request, [ 'attachment_link_uploaded_to' => 'required|integer|exists:pages,id', 'attachment_link_name' => 'required|string|min:1|max:255', - 'attachment_link_url' => 'required|string|min:1|max:255' + 'attachment_link_url' => 'required|string|min:1|max:255|safe_url' ]); } catch (ValidationException $exception) { return response()->view('attachments.manager-link-form', array_merge($request->only(['attachment_link_name', 'attachment_link_url']), [ @@ -161,7 +161,7 @@ class AttachmentController extends Controller $attachmentName = $request->get('attachment_link_name'); $link = $request->get('attachment_link_url'); - $attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, $pageId); + $attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, intval($pageId)); return view('attachments.manager-link-form', [ 'pageId' => $pageId,