Updated attachments to not be saved with a complete extension
authorDan Brown <redacted>
Mon, 1 Nov 2021 11:32:00 +0000 (11:32 +0000)
committerDan Brown <redacted>
Mon, 1 Nov 2021 11:32:00 +0000 (11:32 +0000)
Intended to limit impact in the event the storage path is potentially
exposed.

app/Auth/User.php
app/Uploads/AttachmentService.php
app/Uploads/ImageService.php
tests/Uploads/AttachmentTest.php

index 0a6849fe008323aca74f08cf108441a78b59a0c6..da47a9d695778dd49c9d0cf1e9a8295c899cbc5b 100644 (file)
@@ -27,7 +27,7 @@ use Illuminate\Support\Collection;
 /**
  * Class User.
  *
- * @property string     $id
+ * @property int        $id
  * @property string     $name
  * @property string     $slug
  * @property string     $email
index c9cd99b389b2a068874fbd003e13b1c0724de8ec..52954d24f976853b4e8cc8baf0adac8d93e0933e 100644 (file)
@@ -216,7 +216,7 @@ class AttachmentService
         $storage = $this->getStorageDisk();
         $basePath = 'uploads/files/' . date('Y-m-M') . '/';
 
-        $uploadFileName = Str::random(16) . '.' . $uploadedFile->getClientOriginalExtension();
+        $uploadFileName = Str::random(16) . '-' . $uploadedFile->getClientOriginalExtension();
         while ($storage->exists($this->adjustPathForStorageDisk($basePath . $uploadFileName))) {
             $uploadFileName = Str::random(3) . $uploadFileName;
         }
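Review bot: The new `$uploadFileName` line still embeds `getClientOriginalExtension()` verbatim, and that value comes from the filename the client sent, so the server controls neither its length nor its characters. Replacing `.` with `-` removes the real extension, which is the stated goal, but the suffix could also be normalised before use, for example `$extension = substr(preg_replace('/[^a-zA-Z0-9]/', '', $uploadedFile->getClientOriginalExtension()), 0, 10);`. A short comment such as `// '-' instead of '.': stored files must not carry a usable extension if the storage path is exposed` would help stop a later edit from restoring the dot. The enclosing method starts and ends outside the hunk.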
index eb2fc57b802cf457fab9cee033185cdc7c7b1e33..0c3dfc47d356653dda543aac2508ec63490cb9db 100644 (file)
@@ -11,11 +11,11 @@ use Illuminate\Contracts\Filesystem\FileNotFoundException;
 use Illuminate\Contracts\Filesystem\Filesystem as FileSystemInstance;
 use Illuminate\Contracts\Filesystem\Filesystem as Storage;
 use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Str;
 use Intervention\Image\Exception\NotSupportedException;
 use Intervention\Image\ImageManager;
 use League\Flysystem\Util;
-use Log;
 use Psr\SimpleCache\InvalidArgumentException;
 use Symfony\Component\HttpFoundation\File\UploadedFile;
 use Symfony\Component\HttpFoundation\StreamedResponse;
index 26f092bcc3b5c0039f823ff0d43c4457e0c8de3d..1682577bfe6e6c8b7b2286f5ffc267f6930d49d2 100644 (file)
@@ -109,7 +109,8 @@ class AttachmentTest extends TestCase
 
         $attachment = Attachment::query()->orderBy('id', 'desc')->first();
         $this->assertStringNotContainsString($fileName, $attachment->path);
-        $this->assertStringEndsWith('.txt', $attachment->path);
+        $this->assertStringEndsWith('-txt', $attachment->path);
+        $this->deleteUploads();
     }
 
     public function test_file_display_and_access()
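Review bot: The updated assertion pins the `-txt` format for a harmless upload rather than the property the commit is after, which is that the stored name carries no extension at all. Adding `$this->assertStringNotContainsString('.', basename($attachment->path));` would state that property directly and keep holding if the separator changes again. Separately, `$this->deleteUploads();` sits after the assertions, so a failing assertion presumably leaves the uploaded file behind; moving the cleanup to teardown would avoid that. The test method starts outside the hunk.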