X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/ae155d67454d6b9f6c93b2bb457aaa4b2eb1a9ed..refs/pull/3503/head:/app/Http/Controllers/Controller.php diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php index 3bccdcda4..f6dc1dbca 100644 --- a/app/Http/Controllers/Controller.php +++ b/app/Http/Controllers/Controller.php @@ -2,16 +2,14 @@ namespace BookStack\Http\Controllers; +use BookStack\Exceptions\NotifyException; use BookStack\Facades\Activity; +use BookStack\Http\Responses\DownloadResponseFactory; use BookStack\Interfaces\Loggable; use BookStack\Model; -use BookStack\Util\WebSafeMimeSniffer; -use finfo; use Illuminate\Foundation\Bus\DispatchesJobs; use Illuminate\Foundation\Validation\ValidatesRequests; -use Illuminate\Http\Exceptions\HttpResponseException; use Illuminate\Http\JsonResponse; -use Illuminate\Http\Response; use Illuminate\Routing\Controller as BaseController; abstract class Controller extends BaseController @@ -49,17 +47,14 @@ abstract class Controller extends BaseController /** * On a permission error redirect to home and display. * the error as a notification. + * + * @return never */ protected function showPermissionError() { - if (request()->wantsJson()) { - $response = response()->json(['error' => trans('errors.permissionJson')], 403); - } else { - $response = redirect('/'); - $this->showErrorNotification(trans('errors.permission')); - } + $message = request()->wantsJson() ? trans('errors.permissionJson') : trans('errors.permission'); - throw new HttpResponseException($response); + throw new NotifyException($message, '/', 403); } /** @@ -113,31 +108,11 @@ abstract class Controller extends BaseController } /** - * Create a response that forces a download in the browser. + * Create and return a new download response factory using the current request. */ - protected function downloadResponse(string $content, string $fileName): Response + protected function download(): DownloadResponseFactory { - return response()->make($content, 200, [ - 'Content-Type' => 'application/octet-stream', - 'Content-Disposition' => 'attachment; filename="' . $fileName . '"', - 'X-Content-Type-Options' => 'nosniff', - ]); - } - - /** - * Create a file download response that provides the file with a content-type - * correct for the file, in a way so the browser can show the content in browser. - */ - protected function inlineDownloadResponse(string $content, string $fileName): Response - { - - $mime = (new WebSafeMimeSniffer)->sniff($content); - - return response()->make($content, 200, [ - 'Content-Type' => $mime, - 'Content-Disposition' => 'inline; filename="' . $fileName . '"', - 'X-Content-Type-Options' => 'nosniff', - ]); + return new DownloadResponseFactory(request()); } /** @@ -167,7 +142,7 @@ abstract class Controller extends BaseController /** * Log an activity in the system. * - * @param string|Loggable + * @param string|Loggable $detail */ protected function logActivity(string $type, $detail = ''): void { @@ -177,8 +152,8 @@ abstract class Controller extends BaseController /** * Get the validation rules for image files. */ - protected function getImageValidationRules(): string + protected function getImageValidationRules(): array { - return 'image_extension|mimes:jpeg,png,gif,webp'; + return ['image_extension', 'mimes:jpeg,png,gif,webp', 'max:' . (config('app.upload_limit') * 1000)]; } }