class AttachmentController extends Controller
{
protected $attachmentService;
- protected $attachment;
protected $pageRepo;
/**
* AttachmentController constructor.
*/
- public function __construct(AttachmentService $attachmentService, Attachment $attachment, PageRepo $pageRepo)
+ public function __construct(AttachmentService $attachmentService, PageRepo $pageRepo)
{
$this->attachmentService = $attachmentService;
- $this->attachment = $attachment;
$this->pageRepo = $pageRepo;
- parent::__construct();
}
'file' => 'required|file'
]);
- $attachment = $this->attachment->newQuery()->findOrFail($attachmentId);
+ $attachment = Attachment::query()->findOrFail($attachmentId);
$this->checkOwnablePermission('view', $attachment->page);
$this->checkOwnablePermission('page-update', $attachment->page);
$this->checkOwnablePermission('attachment-create', $attachment);
*/
public function getUpdateForm(string $attachmentId)
{
- $attachment = $this->attachment->findOrFail($attachmentId);
+ $attachment = Attachment::query()->findOrFail($attachmentId);
$this->checkOwnablePermission('page-update', $attachment->page);
$this->checkOwnablePermission('attachment-create', $attachment);
try {
$this->validate($request, [
'attachment_edit_name' => 'required|string|min:1|max:255',
- 'attachment_edit_url' => 'string|min:1|max:255'
+ 'attachment_edit_url' => 'string|min:1|max:255|safe_url'
]);
} catch (ValidationException $exception) {
return response()->view('attachments.manager-edit-form', array_merge($request->only(['attachment_edit_name', 'attachment_edit_url']), [
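Review bot: The `safe_url` rule added to `attachment_edit_url` here, and to `attachment_link_url` in the link-form validation further down, only screens URLs submitted from now on. Link attachments that are already stored keep whatever scheme they were saved with, and the download handler still does `return redirect($attachment->path);` on the stored value. Consider auditing existing rows in a migration, or re-checking the path wherever it is redirected to or rendered as a link. The rule is defined outside this diff, so which schemes it accepts cannot be confirmed from here; a test pinning the rejected schemes would document the intent. The enclosing try block and method start above the visible lines.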
$this->validate($request, [
'attachment_link_uploaded_to' => 'required|integer|exists:pages,id',
'attachment_link_name' => 'required|string|min:1|max:255',
- 'attachment_link_url' => 'required|string|min:1|max:255'
+ 'attachment_link_url' => 'required|string|min:1|max:255|safe_url'
]);
} catch (ValidationException $exception) {
return response()->view('attachments.manager-link-form', array_merge($request->only(['attachment_link_name', 'attachment_link_url']), [
$attachmentName = $request->get('attachment_link_name');
$link = $request->get('attachment_link_url');
- $attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, $pageId);
+ $attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, intval($pageId));
return view('attachments.manager-link-form', [
'pageId' => $pageId,
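Review bot: `intval($pageId)` is applied only at the `saveNewFromLink` call, while the view a few lines later still receives the uncast `$pageId`, so the two consumers see different types. Casting once where `$pageId` is assigned (outside this hunk) would keep them consistent, e.g. `$pageId = (int) $request->get('attachment_link_uploaded_to');`, assuming that is the field it is read from. `intval` also turns non-numeric input into `0` instead of failing, so this line relies on the `integer|exists:pages,id` validation having already run.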
* @throws FileNotFoundException
* @throws NotFoundException
*/
- public function get(string $attachmentId)
+ public function get(Request $request, string $attachmentId)
{
- $attachment = $this->attachment->findOrFail($attachmentId);
+ /** @var Attachment $attachment */
+ $attachment = Attachment::query()->findOrFail($attachmentId);
try {
$page = $this->pageRepo->getById($attachment->uploaded_to);
} catch (NotFoundException $exception) {
return redirect($attachment->path);
}
+ $fileName = $attachment->getFileName();
$attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);
- return $this->downloadResponse($attachmentContents, $attachment->getFileName());
+
+ if ($request->get('open') === 'true') {
+ return $this->inlineDownloadResponse($attachmentContents, $fileName);
+ }
+ return $this->downloadResponse($attachmentContents, $fileName);
}
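Review bot: The `open=true` branch hands user-uploaded bytes to `inlineDownloadResponse`, so the browser renders that content on the application's own origin instead of saving it. The helper is not part of this diff. Confirm that it never emits an active type such as `text/html` or `image/svg+xml` for inline responses, and that it sets `X-Content-Type-Options: nosniff` plus a restrictive policy such as `Content-Security-Policy: sandbox`. If it does not, anything outside a small allow-list of passive types should fall back to `downloadResponse`. A comment above the branch would record the constraint: `// Inline display renders user-supplied content in-origin; only passive MIME types may be served this way`.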
/**
*/
public function delete(string $attachmentId)
{
- $attachment = $this->attachment->findOrFail($attachmentId);
+ $attachment = Attachment::query()->findOrFail($attachmentId);
$this->checkOwnablePermission('attachment-delete', $attachment);
$this->attachmentService->deleteFile($attachment);
return response()->json(['message' => trans('entities.attachments_deleted')]);