use BookStack\Settings\Setting;
use BookStack\Settings\SettingService;
use Illuminate\Database\Eloquent\Relations\Relation;
+use Illuminate\Http\UploadedFile;
use Illuminate\Support\ServiceProvider;
use Schema;
use Validator;
*/
public function boot()
{
+ // Custom validation methods
+ Validator::extend('image_extension', function ($attribute, $value, $parameters, $validator) {
+ $validImageExtensions = ['png', 'jpg', 'jpeg', 'bmp', 'gif', 'tiff', 'webp'];
+ return in_array(strtolower($value->getClientOriginalExtension()), $validImageExtensions);
+ });
+
+
// Custom blade view directives
Blade::directive('icon', function ($expression) {
return "<?php echo icon($expression); ?>";
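Review bot: The `image_extension` closure at the top of the hunk calls `$value->getClientOriginalExtension()` unconditionally, so a non-file value for the attribute (a plain string, or an array from a multi-file field) raises an Error inside validation instead of producing a validation failure. Guard it with the `UploadedFile` import the commit adds but does not otherwise use in the visible hunks: `if (!$value instanceof UploadedFile) { return false; }` before the `in_array`, and pass `true` as the third argument of `in_array` so the comparison is strict. The rule only inspects the client-supplied file name, so it presumably complements a content-based `image` rule rather than replacing it; a comment such as `// Allow-list on the client-supplied extension; content is checked separately` would make that intent explicit for the next reader. boot() continues outside the hunk.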
'filled' => 'The :attribute field is required.',
'exists' => 'The selected :attribute is invalid.',
'image' => 'The :attribute must be an image.',
+ 'image_extension' => 'The :attribute must have a valid & supported image extension.',
'in' => 'The selected :attribute is invalid.',
'integer' => 'The :attribute must be an integer.',
'ip' => 'The :attribute must be a valid IP address.',
]);
}
+ public function test_php_like_files_cannot_be_uploaded()
+ {
+ $page = Page::first();
+ $admin = $this->getAdmin();
+ $this->actingAs($admin);
+
+ $fileName = 'bad.phtml';
+ $relPath = $this->getTestImagePath('gallery', $fileName);
+ $this->deleteImage($relPath);
+
+ $file = $this->getTestImage($fileName);
+ $upload = $this->withHeader('Content-Type', 'image/jpeg')->call('POST', '/images/gallery/upload', ['uploaded_to' => $page->id], [], ['file' => $file], []);
+ $upload->assertStatus(302);
+
+ $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded php file was uploaded but should have been stopped');
+
+ $this->assertDatabaseMissing('images', [
+ 'type' => 'gallery',
+ 'name' => $fileName
+ ]);
+ }
+
public function test_secure_images_uploads_to_correct_place()
{
config()->set('filesystems.default', 'local_secure');
$this->asEditor();
- $galleryFile = $this->getTestImage('my-secure-test-upload');
+ $galleryFile = $this->getTestImage('my-secure-test-upload.png');
$page = Page::first();
- $expectedPath = storage_path('uploads/images/gallery/' . Date('Y-m-M') . '/my-secure-test-upload');
+ $expectedPath = storage_path('uploads/images/gallery/' . Date('Y-m-M') . '/my-secure-test-upload.png');
$upload = $this->call('POST', '/images/gallery/upload', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []);
$upload->assertStatus(200);
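Review bot: test_php_like_files_cannot_be_uploaded pins only a 302 plus the absence of the file and the database row, so any redirect (for example an authentication redirect) would satisfy it; adding `$upload->assertSessionHasErrors('file');` would tie the rejection to the validator. The file check could use the dedicated assertion, `$this->assertFileDoesNotExist(public_path($relPath), 'Uploaded php file was uploaded but should have been stopped');` (`assertFileNotExists` on older PHPUnit), which reports the path on failure. The test exercises a single name; since the rule is an allow-list, one or two further non-image names in the same test would guard the list itself against later edits. The `.png` suffix changes at the bottom of this hunk are the same fixture rename as in the two following hunks.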
{
config()->set('filesystems.default', 'local_secure');
$this->asEditor();
- $galleryFile = $this->getTestImage('my-secure-test-upload');
+ $galleryFile = $this->getTestImage('my-secure-test-upload.png');
$page = Page::first();
- $expectedPath = storage_path('uploads/images/gallery/' . Date('Y-m-M') . '/my-secure-test-upload');
+ $expectedPath = storage_path('uploads/images/gallery/' . Date('Y-m-M') . '/my-secure-test-upload.png');
$upload = $this->call('POST', '/images/gallery/upload', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []);
$imageUrl = json_decode($upload->getContent(), true)['url'];
{
config()->set('filesystems.default', 'local_secure');
$this->asEditor();
- $galleryFile = $this->getTestImage('my-system-test-upload');
+ $galleryFile = $this->getTestImage('my-system-test-upload.png');
$page = Page::first();
- $expectedPath = public_path('uploads/images/system/' . Date('Y-m-M') . '/my-system-test-upload');
+ $expectedPath = public_path('uploads/images/system/' . Date('Y-m-M') . '/my-system-test-upload.png');
$upload = $this->call('POST', '/images/system/upload', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []);
$upload->assertStatus(200);