From d886dcc7c3819a3e678cb81fc70a6735174574a3 Mon Sep 17 00:00:00 2001
From: snipe
Date: Tue, 24 Apr 2018 03:00:56 -0700
Subject: [PATCH 1/5] Reset skin for demo
---
 app/Console/Commands/ResetDemoSettings.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/app/Console/Commands/ResetDemoSettings.php b/app/Console/Commands/ResetDemoSettings.php
index 080fb0a359..1aff60c85e 100644
--- a/app/Console/Commands/ResetDemoSettings.php
+++ b/app/Console/Commands/ResetDemoSettings.php
@@ -55,6 +55,7 @@ class ResetDemoSettings extends Command
 $settings->ldap_enabled = 0;
 $settings->full_multiple_companies_support = 1;
 $settings->alt_barcode = 'C128';
+ $settings->skin = '';
 $settings->email_domain = 'snipeitapp.com';
 $settings->email_format = 'filastname';
 $settings->username_format = 'filastname';
From 103c75e78c1a5419e55fcdf6f22fcc72d155bf13 Mon Sep 17 00:00:00 2001
From: snipe
Date: Tue, 24 Apr 2018 03:12:17 -0700
Subject: [PATCH 2/5] Removed max cap in image validation
---
 app/Http/Requests/ImageUploadRequest.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/Http/Requests/ImageUploadRequest.php b/app/Http/Requests/ImageUploadRequest.php
index 45e45ac3b2..deaecfa61d 100644
--- a/app/Http/Requests/ImageUploadRequest.php
+++ b/app/Http/Requests/ImageUploadRequest.php
@@ -24,8 +24,8 @@ class ImageUploadRequest extends Request
 public function rules()
 {
 return [
- 'image' => 'mimes:png,gif,jpg,jpeg,svg|max:2000',
- 'avatar' => 'mimes:png,gif,jpg,jpeg,svg|max:2000',
+ 'image' => 'mimes:png,gif,jpg,jpeg,svg',
+ 'avatar' => 'mimes:png,gif,jpg,jpeg,svg',
 ];
 }
From 8127484081bd34f15d35884391661864a78e2fd1 Mon Sep 17 00:00:00 2001
From: snipe
Date: Tue, 24 Apr 2018 03:12:30 -0700
Subject: [PATCH 3/5] Better error checking for private file display method
---
 app/Http/Controllers/AssetsController.php | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
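Review bot: In app/Http/Requests/ImageUploadRequest.php, dropping `max:2000` from both rules leaves `image` and `avatar` with no application-level size limit, so the only bound on an upload is whatever PHP and the web server happen to accept. If the fixed cap was too small, reading the limit from a setting keeps the check in place, e.g. `'image' => 'mimes:png,gif,jpg,jpeg,svg|max:'.config('<upload-limit-key>'),` where the key is a placeholder for a value the project would define. Both rules also still accept `svg`, which can carry script; how these files are served is not visible in this hunk, so confirm they are never rendered inline from the application's origin without sanitising.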
diff --git a/app/Http/Controllers/AssetsController.php b/app/Http/Controllers/AssetsController.php
index 7ce992ce52..5aeb089523 100755
--- a/app/Http/Controllers/AssetsController.php
+++ b/app/Http/Controllers/AssetsController.php
@@ -1012,7 +1012,11 @@ class AssetsController extends Controller
 if (isset($asset->id)) {
 $this->authorize('view', $asset);
- $log = Actionlog::find($fileId);
+ if (!$log = Actionlog::find($fileId)) {
+ return response('No matching record for that asset/file', 500)
+ ->header('Content-Type', 'text/plain');
+
+ }
 $file = $log->get_src('assets');
@@ -1022,17 +1026,22 @@ class AssetsController extends Controller
 $filetype = Helper::checkUploadIsImage($file);
+ if (!file_exists($file)) {
+ return response('File '.$file.' not found on server', 404)
+ ->header('Content-Type', 'text/plain');
+ }
+
 if ($filetype) {
- $contents = file_get_contents($file);
- return Response::make($contents)->header('Content-Type', $filetype);
+ if ($contents = file_get_contents($file)) {
+ return Response::make($contents)->header('Content-Type', $filetype);
+ }
+ return JsonResponse::create(["error" => "Failed validation: "], 500);
 }
 return Response::download($file);
 }
- // Prepare the error message
- $error = trans('admin/hardware/message.does_not_exist', compact('id'));
 // Redirect to the hardware management page
- return redirect()->route('hardware.index')->with('error', $error);
+ return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist', compact('id')));
 }
 /**
From 1708bb5cdf6fcf7bb0422ebe713df034d2baccda Mon Sep 17 00:00:00 2001
From: snipe
Date: Tue, 24 Apr 2018 12:47:09 -0700
Subject: [PATCH 4/5] Fixes #5422 - remove extension ending from uploaded file name
---
 app/Http/Controllers/AssetsController.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/app/Http/Controllers/AssetsController.php b/app/Http/Controllers/AssetsController.php
index 5aeb089523..03b13ca801 100755
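Review bot: In the `@@ -1012` hunk of patch 3/5, `Actionlog::find($fileId)` looks the record up by id alone, while `$this->authorize('view', $asset)` above it covers only the asset, so nothing visible ties the log entry to `$asset`. Unless that link is enforced outside this hunk, a user allowed to view one asset could request the file attached to an unrelated record by changing `$fileId`; compare the record's owning item with `$asset->id` before calling `get_src()` and treat a mismatch like a missing record. A missing record is also a client-side lookup failure rather than a server fault, so the status should be 404: `return response('No matching record for that asset/file', 404)`. The enclosing method starts and ends outside the hunk.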
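Review bot: In the `@@ -1022` hunk of patch 3/5, the 404 body `'File '.$file.' not found on server'` sends the server-side path returned by `$log->get_src()` back to the client, which discloses the private storage layout. Return a fixed message such as `return response('File not found', 404)` and write `$file` to the application log instead. The `file_exists()` guard also sits after `Helper::checkUploadIsImage($file)`, so that helper still receives a path that may not exist; moving the guard above it avoids that. Finally, `if ($contents = file_get_contents($file))` treats an empty file as a failure and answers with "Failed validation: ", which does not describe a read error; compare the result with `=== false` and use a message that names the read failure.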
--- a/app/Http/Controllers/AssetsController.php
+++ b/app/Http/Controllers/AssetsController.php
@@ -953,8 +953,7 @@ class AssetsController extends Controller
 if ($request->hasFile('assetfile')) {
 foreach ($request->file('assetfile') as $file) {
 $extension = $file->getClientOriginalExtension();
- $filename = 'hardware-'.$asset->id.'-'.str_random(8);
- $filename .= '-'.str_slug($file->getClientOriginalName()).'.'.$extension;
+ $filename = 'hardware-'.$asset->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension;
 $file->move($destinationPath, $filename);
 $asset->logUpload($filename, e(Input::get('notes')));
 }
@@ -1331,7 +1330,7 @@ class AssetsController extends Controller
 try {
 $destinationPath = config('app.private_uploads').'/assets/audits';
 $extension = $file->getClientOriginalExtension();
- $filename = 'audit-'.$asset->id.'-'.str_slug($file->getClientOriginalName()).'.'.$extension;
+ $filename = 'audit-'.$asset->id.'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension;
 $file->move($destinationPath, $filename);
 } catch (\Exception $e) {
 \Log::error($e);
From 5acd225f0f3846fb77f70c798a7720e6f57c3f40 Mon Sep 17 00:00:00 2001
From: snipe
Date: Tue, 24 Apr 2018 12:48:58 -0700
Subject: [PATCH 5/5] Fixed #5423 - removed required text on preflight
---
 resources/views/setup/user.blade.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/resources/views/setup/user.blade.php b/resources/views/setup/user.blade.php
index 16beedab95..ad6ed17593 100644
--- a/resources/views/setup/user.blade.php
+++ b/resources/views/setup/user.blade.php
@@ -9,7 +9,7 @@ Create a User :: {{-- Page content --}} @section('content') -
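Review bot: In both hunks of patch 4/5, `$extension` comes straight from `getClientOriginalExtension()` and is appended to the stored name as-is; `str_slug()` now cleans only the base name, so the extension remains client-controlled text. Check it against an allow-list before building `$filename`, or derive it from the detected content with `$file->guessExtension()`. When the upload has no extension, `basename()` is called with a bare `'.'` suffix and the stored name ends in a dot. In the `@@ -1331` hunk the audit name has no random component, unlike the `str_random(8)` used in the `@@ -953` hunk, so a second upload with the same name for the same asset replaces the earlier file. Both enclosing methods start and end outside the hunks.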

This is the account information you'll use to access the site for the first time. All fields are required.

+

This is the account information you'll use to access the site for the first time.

{{ csrf_field() }}