BookStack Code Mirror - bookstack/blobdiff - app/Http/Controllers/Controller.php

index 479d5ac15852be57d44370f433185c15839af226..d616974c6fd797c6bc063ca5989501c0a0f4024f 100644 (file)

--- a/app/Http/Controllers/Controller.php

+++ b/app/Http/Controllers/Controller.php

@@ -2,20 +2,21 @@

namespace BookStack\Http\Controllers;

+use BookStack\Exceptions\NotifyException;

use BookStack\Facades\Activity;

use BookStack\Interfaces\Loggable;

-use BookStack\HasCreatorAndUpdater;

use BookStack\Model;

+use BookStack\Util\WebSafeMimeSniffer;

use Illuminate\Foundation\Bus\DispatchesJobs;

use Illuminate\Foundation\Validation\ValidatesRequests;

-use Illuminate\Http\Exceptions\HttpResponseException;

use Illuminate\Http\JsonResponse;

use Illuminate\Http\Response;

use Illuminate\Routing\Controller as BaseController;

abstract class Controller extends BaseController

{

- use DispatchesJobs, ValidatesRequests;

+ use DispatchesJobs;

+ use ValidatesRequests;

/**

* Check if the current user is signed in.

@@ -47,17 +48,14 @@ abstract class Controller extends BaseController

/**

* On a permission error redirect to home and display.

* the error as a notification.

+ *

+ * @return never

protected function showPermissionError()

{

- if (request()->wantsJson()) {

- $response = response()->json(['error' => trans('errors.permissionJson')], 403);

- } else {

- $response = redirect('/');

- $this->showErrorNotification(trans('errors.permission'));

- }

+ $message = request()->wantsJson() ? trans('errors.permissionJson') : trans('errors.permission');

- throw new HttpResponseException($response);

+ throw new NotifyException($message, '/', 403);

}

/**

@@ -105,7 +103,7 @@ abstract class Controller extends BaseController

/**

* Send back a json error message.

- protected function jsonError(string $messageText = "", int $statusCode = 500): JsonResponse

+ protected function jsonError(string $messageText = '', int $statusCode = 500): JsonResponse

{

return response()->json(['message' => $messageText, 'status' => 'error'], $statusCode);

}

@@ -116,8 +114,24 @@ abstract class Controller extends BaseController

protected function downloadResponse(string $content, string $fileName): Response

{

return response()->make($content, 200, [

- 'Content-Type' => 'application/octet-stream',

- 'Content-Disposition' => 'attachment; filename="' . $fileName . '"'

+ 'Content-Type' => 'application/octet-stream',

+ 'Content-Disposition' => 'attachment; filename="' . $fileName . '"',

+ 'X-Content-Type-Options' => 'nosniff',

+ ]);

+ }

+ /**

+ * Create a file download response that provides the file with a content-type

+ * correct for the file, in a way so the browser can show the content in browser.

+ */

+ protected function inlineDownloadResponse(string $content, string $fileName): Response

+ {

+ $mime = (new WebSafeMimeSniffer())->sniff($content);

+ return response()->make($content, 200, [

+ 'Content-Type' => $mime,

+ 'Content-Disposition' => 'inline; filename="' . $fileName . '"',

+ 'X-Content-Type-Options' => 'nosniff',

]);

}

@@ -147,7 +161,8 @@ abstract class Controller extends BaseController

/**

* Log an activity in the system.

- * @param string|Loggable

+ *

+ * @param string|Loggable $detail

protected function logActivity(string $type, $detail = ''): void

{

@@ -157,8 +172,8 @@ abstract class Controller extends BaseController

/**

* Get the validation rules for image files.

- protected function getImageValidationRules(): string

+ protected function getImageValidationRules(): array

{

- return 'image_extension|no_double_extension|mimes:jpeg,png,gif,webp';

+ return ['image_extension', 'mimes:jpeg,png,gif,webp', 'max:' . (config('app.upload_limit') * 1000)];

}