From 8127484081bd34f15d35884391661864a78e2fd1 Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 24 Apr 2018 03:12:30 -0700 Subject: [PATCH] Better error checking for private file display method --- app/Http/Controllers/AssetsController.php | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/app/Http/Controllers/AssetsController.php b/app/Http/Controllers/AssetsController.php index 7ce992ce52..5aeb089523 100755 --- a/app/Http/Controllers/AssetsController.php +++ b/app/Http/Controllers/AssetsController.php @@ -1012,7 +1012,11 @@ class AssetsController extends Controller if (isset($asset->id)) { $this->authorize('view', $asset); - $log = Actionlog::find($fileId); + if (!$log = Actionlog::find($fileId)) { + return response('No matching record for that asset/file', 500) + ->header('Content-Type', 'text/plain'); + + } $file = $log->get_src('assets'); @@ -1022,17 +1026,22 @@ class AssetsController extends Controller $filetype = Helper::checkUploadIsImage($file); + if (!file_exists($file)) { + return response('File '.$file.' not found on server', 404) + ->header('Content-Type', 'text/plain'); + } + if ($filetype) { - $contents = file_get_contents($file); - return Response::make($contents)->header('Content-Type', $filetype); + if ($contents = file_get_contents($file)) { + return Response::make($contents)->header('Content-Type', $filetype); + } + return JsonResponse::create(["error" => "Failed validation: "], 500); } return Response::download($file); } - // Prepare the error message - $error = trans('admin/hardware/message.does_not_exist', compact('id')); // Redirect to the hardware management page - return redirect()->route('hardware.index')->with('error', $error); + return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist', compact('id'))); } /**