From 8dd71f99ccf4fe17704652e444d67b0c85386cf2 Mon Sep 17 00:00:00 2001
From: snipe
Date: Mon, 22 Apr 2024 13:54:19 +0100
Subject: [PATCH 1/2] Added ico, image/x-icon,image/vnd.microsoft.icon to favicon validation
Signed-off-by: snipe
---
 app/Http/Requests/ImageUploadRequest.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/app/Http/Requests/ImageUploadRequest.php b/app/Http/Requests/ImageUploadRequest.php
index 25156181e9..9677111059 100644
--- a/app/Http/Requests/ImageUploadRequest.php
+++ b/app/Http/Requests/ImageUploadRequest.php
@@ -36,6 +36,7 @@ class ImageUploadRequest extends Request
 return [
 'image' => 'mimes:png,gif,jpg,jpeg,svg,bmp,svg+xml,webp,avif',
 'avatar' => 'mimes:png,gif,jpg,jpeg,svg,bmp,svg+xml,webp,avif',
+ 'favicon' => 'mimes:png,gif,jpg,jpeg,svg,bmp,svg+xml,webp,image/x-icon,image/vnd.microsoft.icon,ico',
 ];
 }
@@ -103,9 +104,9 @@ class ImageUploadRequest extends Request
 \Log::info('File name will be: '.$file_name);
 \Log::debug('File extension is: '.$ext);
- if (($image->getMimeType() == 'image/avif') || ($image->getMimeType() == 'image/webp')) {
- // If the file is a webp or avif, we need to just move it since webp support
- // needs to be compiled into gd for resizing to be available
+ if (($image->getMimeType() == 'image/vnd.microsoft.icon') || ($image->getMimeType() == 'image/x-icon') || ($image->getMimeType() == 'image/avif') || ($image->getMimeType() == 'image/webp')) {
+ // If the file is an icon, webp or avif, we need to just move it since gd doesn't support resizing
+ // icons or avif, and webp support and needs to be compiled into gd for resizing to be available
 Storage::disk('public')->put($path.'/'.$file_name, file_get_contents($image));
 } elseif($image->getMimeType() == 'image/svg+xml') {
From 2aa3ce15bd7981eb12cf57b8c4084c7a02e4dd1b Mon Sep 17 00:00:00 2001
From: snipe
Date: Mon, 22 Apr 2024 14:55:02 +0100
Subject: [PATCH 2/2] Removed escaping on notes for file uploads
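Review bot: The new `favicon` rule puts MIME types into Laravel's `mimes:` rule, which compares against the extension guessed from the file contents, so `image/x-icon` and `image/vnd.microsoft.icon` can never match and only the `ico` entry actually admits icon files. Keeping the allow-list to extensions makes the accepted set explicit: `'favicon' => 'mimes:png,gif,jpg,jpeg,svg,bmp,svg+xml,webp,ico',` (or add a separate `mimetypes:` rule if matching on MIME type is intended). The rule also accepts `svg` for favicons; the SVG handling branch lies outside this hunk, so it is worth confirming that it sanitises the file before it reaches the public disk. The enclosing method starts before the hunk.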
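Review bot: Icon uploads now take the pass-through branch, so `file_get_contents($image)` is written to the public disk byte-for-byte and the content-sniffed value from `getMimeType()` is the only check on what those bytes are. How `$ext` is derived is outside this hunk; if it comes from the client-supplied file name, the stored extension can disagree with the sniffed type, so pinning it for the pass-through types would be safer. The four chained loose comparisons would also read better as a strict allow-list: `if (in_array($image->getMimeType(), ['image/vnd.microsoft.icon', 'image/x-icon', 'image/avif', 'image/webp'], true)) {`. The new comment carries a stray word (`webp support and needs to be compiled`), and the enclosing method starts and ends outside the hunk.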
Signed-off-by: snipe
---
 app/Http/Controllers/AssetModelsFilesController.php | 2 +-
 app/Http/Controllers/Assets/AssetFilesController.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/Http/Controllers/AssetModelsFilesController.php b/app/Http/Controllers/AssetModelsFilesController.php
index a5419b428d..a4472c3504 100644
--- a/app/Http/Controllers/AssetModelsFilesController.php
+++ b/app/Http/Controllers/AssetModelsFilesController.php
@@ -38,7 +38,7 @@ class AssetModelsFilesController extends Controller
 $file_name = $request->handleFile('private_uploads/assetmodels/','model-'.$model->id,$file);
- $model->logUpload($file_name, e($request->get('notes')));
+ $model->logUpload($file_name, $request->get('notes'));
 }
 return redirect()->back()->with('success', trans('general.file_upload_success'));
diff --git a/app/Http/Controllers/Assets/AssetFilesController.php b/app/Http/Controllers/Assets/AssetFilesController.php
index 7f4258bda2..7debfb479c 100644
--- a/app/Http/Controllers/Assets/AssetFilesController.php
+++ b/app/Http/Controllers/Assets/AssetFilesController.php
@@ -38,7 +38,7 @@ class AssetFilesController extends Controller
 foreach ($request->file('file') as $file) {
 $file_name = $request->handleFile('private_uploads/assets/','hardware-'.$asset->id, $file);
- $asset->logUpload($file_name, e($request->get('notes')));
+ $asset->logUpload($file_name, $request->get('notes'));
 }
 return redirect()->back()->with('success', trans('admin/hardware/message.upload.success'));
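Review bot: With `e()` removed, `logUpload()` receives the note exactly as submitted, so every view and API response that renders upload notes now has to escape on output; none of those renderers appear in this patch, so that should be confirmed before merge. The same applies to the `$asset->logUpload(...)` change in AssetFilesController.php. Notes written before this commit are stored entity-encoded, so correct output escaping will presumably display them double-encoded unless they are migrated. A short comment at both call sites would record the contract: `// notes are stored unescaped; escape when rendering`. Both enclosing methods start outside their hunks.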