Fixed issue where URL params in image names would cause loading failure

Updated file name handling to route through str:slug to be cleaned up a little. Added testing to cover. Fixes #2161
2025-06-05 01:24:38 +08:00 · 2020-07-25 11:18:40 +01:00
parent 03211ebea6
commit 8213ea9a71
3 changed files with 57 additions and 16 deletions
--- a/app/Uploads/ImageService.php
+++ b/app/Uploads/ImageService.php
@ -124,29 +124,24 @@ class ImageService extends UploadService
    }

    /**
-     * Saves a new image
-     * @param string $imageName
-     * @param string $imageData
-     * @param string $type
-     * @param int $uploadedTo
-     * @return Image
+     * Save a new image into storage.
     * @throws ImageUploadException
     */
-    private function saveNew($imageName, $imageData, $type, $uploadedTo = 0)
+    private function saveNew(string $imageName, string $imageData, string $type, int $uploadedTo = 0): Image
    {
        $storage = $this->getStorage($type);
        $secureUploads = setting('app-secure-images');
-        $imageName = str_replace(' ', '-', $imageName);
+        $fileName = $this->cleanImageFileName($imageName);

        $imagePath = '/uploads/images/' . $type . '/' . Date('Y-m') . '/';

-        while ($storage->exists($imagePath . $imageName)) {
-            $imageName = Str::random(3) . $imageName;
+        while ($storage->exists($imagePath . $fileName)) {
+            $fileName = Str::random(3) . $fileName;
        }

-        $fullPath = $imagePath . $imageName;
+        $fullPath = $imagePath . $fileName;
        if ($secureUploads) {
-            $fullPath = $imagePath . Str::random(16) . '-' . $imageName;
+            $fullPath = $imagePath . Str::random(16) . '-' . $fileName;
        }

        try {
@ -175,6 +170,23 @@ class ImageService extends UploadService
        return $image;
    }

+    /**
+     * Clean up an image file name to be both URL and storage safe.
+     */
+    protected function cleanImageFileName(string $name): string
+    {
+        $name = str_replace(' ', '-', $name);
+        $nameParts = explode('.', $name);
+        $extension = array_pop($nameParts);
+        $name = implode('.', $nameParts);
+        $name = Str::slug($name);
+
+        if (strlen($name) === 0) {
+            $name = Str::random(10);
+        }
+
+        return  $name . '.' . $extension;
+    }

    /**
     * Checks if the image is a gif. Returns true if it is, else false.