github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-05-23 15:19:58 +08:00
Code Issues Actions 10 Packages Projects Releases Wiki Activity

Hardened image file validation by removing custom validation

Browse Source 
- Added test to check PHP files cannot be uploaded as an image.
This commit is contained in:
Dan Brown
2019-03-20 23:59:55 +00:00
parent 00703fa817
commit 37b91b6b0e
6 changed files with 31 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/Http/Controllers/ImageController.php
View File

@ -119,7 +119,7 @@ class ImageController extends Controller
{
$this->checkPermission('image-create-all');
$this->validate($request, [
'file' => 'is_image'
'file' => 'mimes:jpeg,png,gif,bmp,webp,tiff'
]);
if (!$this->imageRepo->isValidType($type)) {
@ -135,7 +135,6 @@ class ImageController extends Controller
return response($e->getMessage(), 500);
}
return response()->json($image);
}