From c49abb6aeafbfbf43ebcb7e1a9c565288b72b9d9 Mon Sep 17 00:00:00 2001
From: snipe
Date: Thu, 17 Oct 2024 00:08:38 +0100
Subject: [PATCH] Refactor the UserFilesController show method for simpler inlining

Signed-off-by: snipe
---
 .../Controllers/Users/UserFilesController.php | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/app/Http/Controllers/Users/UserFilesController.php b/app/Http/Controllers/Users/UserFilesController.php
index c155570513..377692965b 100644
--- a/app/Http/Controllers/Users/UserFilesController.php
+++ b/app/Http/Controllers/Users/UserFilesController.php
@@ -113,6 +113,9 @@ class UserFilesController extends Controller
  public function show($userId = null, $fileId = null)
  {
+
+
+
  if (empty($fileId)) {
  return redirect()->route('users.show')->with('error', 'Invalid file request');
  }
@@ -126,15 +129,21 @@ class UserFilesController extends Controller
  if ($log = Actionlog::whereNotNull('filename')->where('item_id', $user->id)->find($fileId)) {
- // Display the file inline
- if (request('inline') == 'true') {
+ $file = 'private_uploads/users/'.$log->filename;
+
+
+ if ((request('inline') == 'true') && (StorageHelper::allowSafeInline($file) === false)) {
+
+ // Display the file as text is not allowed for security reasons
  $headers = [
  'Content-Disposition' => 'inline',
+ 'Content-Type' => 'text/plain',
  ];
- return Storage::download('private_uploads/users/'.$log->filename, $log->filename, $headers);
+ return Storage::download($file, $log->filename, $headers);
+
  }
- return Storage::download('private_uploads/users/'.$log->filename);
+ return Storage::download($file);
  }
  return redirect()->route('users.index')->with('error', trans('admin/users/message.log_record_not_found'));
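Review bot: Folding `StorageHelper::allowSafeInline($file) === false` into the same condition as `request('inline') == 'true'` means an inline request for a file the helper accepts skips the branch and falls through to `Storage::download($file)`, which Laravel sends as an attachment by default, so only the rejected types are ever displayed inline. If accepted types are still meant to render in the browser, test `inline` on its own and apply the `text/plain` override only when the helper returns false, as sketched below. The forced plain-text response should also carry `X-Content-Type-Options: nosniff` unless a global middleware (not visible here) already sets it, so a browser cannot re-interpret uploaded active content in the application's origin. No `use` line for `StorageHelper` is added by this patch, so confirm the controller already imports it; `show()` begins in the first hunk and ends outside this one.

```php
$file = 'private_uploads/users/'.$log->filename;

if (request('inline') == 'true') {
    $headers = ['Content-Disposition' => 'inline'];

    // Types the helper rejects must not render in the app's origin:
    // serve them as plain text and tell the browser not to sniff.
    if (StorageHelper::allowSafeInline($file) === false) {
        $headers['Content-Type'] = 'text/plain';
        $headers['X-Content-Type-Options'] = 'nosniff';
    }

    return Storage::download($file, $log->filename, $headers);
}

// … unchanged: attachment download and the not-found redirect …
```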