diff --git a/app/Http/Controllers/Accessories/AccessoriesFilesController.php b/app/Http/Controllers/Accessories/AccessoriesFilesController.php index 6a94a897af..f0de6354f7 100644 --- a/app/Http/Controllers/Accessories/AccessoriesFilesController.php +++ b/app/Http/Controllers/Accessories/AccessoriesFilesController.php @@ -4,28 +4,27 @@ namespace App\Http\Controllers\Accessories; use App\Helpers\StorageHelper; use App\Http\Controllers\Controller; -use App\Http\Requests\AssetFileRequest; +use App\Http\Requests\UploadFileRequest; use App\Models\Actionlog; use App\Models\Accessory; use Illuminate\Support\Facades\Response; use Illuminate\Support\Facades\Storage; use Symfony\Accessory\HttpFoundation\JsonResponse; -use enshrined\svgSanitize\Sanitizer; class AccessoriesFilesController extends Controller { /** * Validates and stores files associated with a accessory. * - * @todo Switch to using the AssetFileRequest form request validator. - * @author [A. Gianotto] [] - * @since [v1.0] - * @param AssetFileRequest $request + * @param UploadFileRequest $request * @param int $accessoryId * @return \Illuminate\Http\RedirectResponse * @throws \Illuminate\Auth\Access\AuthorizationException + *@author [A. Gianotto] [] + * @since [v1.0] + * @todo Switch to using the AssetFileRequest form request validator. */ - public function store(AssetFileRequest $request, $accessoryId = null) + public function store(UploadFileRequest $request, $accessoryId = null) { if (config('app.lock_passwords')) { 
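Review bot: The reordered docblock on store() still carries `@todo Switch to using the AssetFileRequest form request validator.`, but this commit deletes AssetFileRequest and the method already receives a form request, so the tag is stale and should be dropped. The reorder also left `*@author [A. Gianotto] []` without the space after the asterisk; it should read ` * @author [A. Gianotto] []`. The stale `@todo` recurs in the store() docblocks of ComponentsFilesController, ConsumablesFilesController and LicenseFilesController, and the `*@since`/`*@author` spacing slip recurs in AssetModelsFilesController, AssetFilesController and UserFilesController. Separately, the context line `use Symfony\Accessory\HttpFoundation\JsonResponse;` looks like a search-and-replace slip for `Symfony\Component\HttpFoundation\JsonResponse` and is worth correcting while the imports are being touched. The body of store() continues outside this hunk.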
@@ -45,30 +44,7 @@ class AccessoriesFilesController extends Controller foreach ($request->file('file') as $file) { - $extension = $file->getClientOriginalExtension(); - $file_name = 'accessory-'.$accessory->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension; - - - // Check for SVG and sanitize it - if ($extension == 'svg') { - \Log::debug('This is an SVG'); - \Log::debug($file_name); - - $sanitizer = new Sanitizer(); - $dirtySVG = file_get_contents($file->getRealPath()); - $cleanSVG = $sanitizer->sanitize($dirtySVG); - - try { - Storage::put('private_uploads/accessories/'.$file_name, $cleanSVG); - } catch (\Exception $e) { - \Log::debug('Upload no workie :( '); - \Log::debug($e); - } - - } else { - Storage::put('private_uploads/accessories/'.$file_name, file_get_contents($file)); - } - + $file_name = $request->handleFile('private_uploads/accessories/', 'accessory-'.$accessory->id, $file); //Log the upload to the log $accessory->logUpload($file_name, e($request->input('notes'))); } diff --git a/app/Http/Controllers/AssetModelsFilesController.php b/app/Http/Controllers/AssetModelsFilesController.php index 9889cd29ca..a5419b428d 100644 --- a/app/Http/Controllers/AssetModelsFilesController.php +++ b/app/Http/Controllers/AssetModelsFilesController.php 
@@ -3,26 +3,25 @@ namespace App\Http\Controllers; use App\Helpers\StorageHelper; -use App\Http\Requests\AssetFileRequest; +use App\Http\Requests\UploadFileRequest; use App\Models\Actionlog; use App\Models\AssetModel; use Illuminate\Support\Facades\Response; use Illuminate\Support\Facades\Storage; -use enshrined\svgSanitize\Sanitizer; class AssetModelsFilesController extends Controller { /** * Upload a file to the server. * - * @author [A. Gianotto] [] - * @param AssetFileRequest $request + * @param UploadFileRequest $request * @param int $modelId * @return Redirect - * @since [v1.0] * @throws \Illuminate\Auth\Access\AuthorizationException + *@since [v1.0] + * @author [A. Gianotto] [] */ - public function store(AssetFileRequest $request, $modelId = null) + public function store(UploadFileRequest $request, $modelId = null) { if (! $model = AssetModel::find($modelId)) { return redirect()->route('models.index')->with('error', trans('admin/hardware/message.does_not_exist')); @@ -37,27 +36,7 @@ class AssetModelsFilesController extends Controller foreach ($request->file('file') as $file) { - $extension = $file->getClientOriginalExtension(); - $file_name = 'model-'.$model->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension; - - // Check for SVG and sanitize it - if ($extension=='svg') { - \Log::debug('This is an SVG'); - - $sanitizer = new Sanitizer(); - $dirtySVG = file_get_contents($file->getRealPath()); - $cleanSVG = $sanitizer->sanitize($dirtySVG); - - try { - Storage::put('private_uploads/assetmodels/'.$file_name, $cleanSVG); - } catch (\Exception $e) { - \Log::debug('Upload no workie :( '); - \Log::debug($e); - } - } else { - Storage::put('private_uploads/assetmodels/'.$file_name, file_get_contents($file)); - } - + $file_name = $request->handleFile('private_uploads/assetmodels/','model-'.$model->id,$file); $model->logUpload($file_name, e($request->get('notes'))); } 
diff --git a/app/Http/Controllers/Assets/AssetFilesController.php b/app/Http/Controllers/Assets/AssetFilesController.php index 610705c604..7f4258bda2 100644 --- a/app/Http/Controllers/Assets/AssetFilesController.php +++ b/app/Http/Controllers/Assets/AssetFilesController.php @@ -4,26 +4,25 @@ namespace App\Http\Controllers\Assets; use App\Helpers\StorageHelper; use App\Http\Controllers\Controller; -use App\Http\Requests\AssetFileRequest; +use App\Http\Requests\UploadFileRequest; use App\Models\Actionlog; use App\Models\Asset; use Illuminate\Support\Facades\Response; use Illuminate\Support\Facades\Storage; -use enshrined\svgSanitize\Sanitizer; class AssetFilesController extends Controller { /** * Upload a file to the server. * - * @author [A. Gianotto] [] - * @param AssetFileRequest $request + * @param UploadFileRequest $request * @param int $assetId * @return Redirect - * @since [v1.0] * @throws \Illuminate\Auth\Access\AuthorizationException + *@since [v1.0] + * @author [A. Gianotto] [] */ - public function store(AssetFileRequest $request, $assetId = null) + public function store(UploadFileRequest $request, $assetId = null) { if (! $asset = Asset::find($assetId)) { return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist')); 
@@ -37,28 +36,7 @@ class AssetFilesController extends Controller } foreach ($request->file('file') as $file) { - - $extension = $file->getClientOriginalExtension(); - $file_name = 'hardware-'.$asset->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension; - - // Check for SVG and sanitize it - if ($extension=='svg') { - \Log::debug('This is an SVG'); - - $sanitizer = new Sanitizer(); - $dirtySVG = file_get_contents($file->getRealPath()); - $cleanSVG = $sanitizer->sanitize($dirtySVG); - - try { - Storage::put('private_uploads/assets/'.$file_name, $cleanSVG); - } catch (\Exception $e) { - \Log::debug('Upload no workie :( '); - \Log::debug($e); - } - } else { - Storage::put('private_uploads/assets/'.$file_name, file_get_contents($file)); - } - + $file_name = $request->handleFile('private_uploads/assets/','hardware-'.$asset->id, $file); $asset->logUpload($file_name, e($request->get('notes'))); } diff --git a/app/Http/Controllers/Components/ComponentsFilesController.php b/app/Http/Controllers/Components/ComponentsFilesController.php index 0f4e782aa8..55ae7f61b6 100644 --- a/app/Http/Controllers/Components/ComponentsFilesController.php +++ b/app/Http/Controllers/Components/ComponentsFilesController.php 
@@ -4,28 +4,27 @@ namespace App\Http\Controllers\Components; use App\Helpers\StorageHelper; use App\Http\Controllers\Controller; -use App\Http\Requests\AssetFileRequest; +use App\Http\Requests\UploadFileRequest; use App\Models\Actionlog; use App\Models\Component; use Illuminate\Support\Facades\Response; use Illuminate\Support\Facades\Storage; use Symfony\Component\HttpFoundation\JsonResponse; -use enshrined\svgSanitize\Sanitizer; class ComponentsFilesController extends Controller { /** * Validates and stores files associated with a component. * - * @todo Switch to using the AssetFileRequest form request validator. - * @author [A. Gianotto] [] - * @since [v1.0] - * @param AssetFileRequest $request + * @param UploadFileRequest $request * @param int $componentId * @return \Illuminate\Http\RedirectResponse * @throws \Illuminate\Auth\Access\AuthorizationException + *@author [A. Gianotto] [] + * @since [v1.0] + * @todo Switch to using the AssetFileRequest form request validator. */ - public function store(AssetFileRequest $request, $componentId = null) + public function store(UploadFileRequest $request, $componentId = null) { if (config('app.lock_passwords')) { 
@@ -43,30 +42,7 @@ class ComponentsFilesController extends Controller } foreach ($request->file('file') as $file) { - - $extension = $file->getClientOriginalExtension(); - $file_name = 'component-'.$component->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension; - - - // Check for SVG and sanitize it - if ($extension == 'svg') { - \Log::debug('This is an SVG'); - \Log::debug($file_name); - - $sanitizer = new Sanitizer(); - $dirtySVG = file_get_contents($file->getRealPath()); - $cleanSVG = $sanitizer->sanitize($dirtySVG); - - try { - Storage::put('private_uploads/components/'.$file_name, $cleanSVG); - } catch (\Exception $e) { - \Log::debug('Upload no workie :( '); - \Log::debug($e); - } - - } else { - Storage::put('private_uploads/components/'.$file_name, file_get_contents($file)); - } + $file_name = $request->handleFile('private_uploads/components/','component-'.$component->id, $file); //Log the upload to the log $component->logUpload($file_name, e($request->input('notes'))); diff --git a/app/Http/Controllers/Consumables/ConsumablesFilesController.php b/app/Http/Controllers/Consumables/ConsumablesFilesController.php index 6053e82cca..977261edcd 100644 --- a/app/Http/Controllers/Consumables/ConsumablesFilesController.php +++ b/app/Http/Controllers/Consumables/ConsumablesFilesController.php 
@@ -4,28 +4,27 @@ namespace App\Http\Controllers\Consumables; use App\Helpers\StorageHelper; use App\Http\Controllers\Controller; -use App\Http\Requests\AssetFileRequest; +use App\Http\Requests\UploadFileRequest; use App\Models\Actionlog; use App\Models\Consumable; use Illuminate\Support\Facades\Response; use Illuminate\Support\Facades\Storage; use Symfony\Consumable\HttpFoundation\JsonResponse; -use enshrined\svgSanitize\Sanitizer; class ConsumablesFilesController extends Controller { /** * Validates and stores files associated with a consumable. * - * @todo Switch to using the AssetFileRequest form request validator. - * @author [A. Gianotto] [] - * @since [v1.0] - * @param AssetFileRequest $request + * @param UploadFileRequest $request * @param int $consumableId * @return \Illuminate\Http\RedirectResponse * @throws \Illuminate\Auth\Access\AuthorizationException + *@author [A. Gianotto] [] + * @since [v1.0] + * @todo Switch to using the AssetFileRequest form request validator. */ - public function store(AssetFileRequest $request, $consumableId = null) + public function store(UploadFileRequest $request, $consumableId = null) { if (config('app.lock_passwords')) { return redirect()->route('consumables.show', ['consumable'=>$consumableId])->with('error', trans('general.feature_disabled')); 
@@ -42,30 +41,7 @@ class ConsumablesFilesController extends Controller } foreach ($request->file('file') as $file) { - - $extension = $file->getClientOriginalExtension(); - $file_name = 'consumable-'.$consumable->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension; - - - // Check for SVG and sanitize it - if ($extension == 'svg') { - \Log::debug('This is an SVG'); - \Log::debug($file_name); - - $sanitizer = new Sanitizer(); - $dirtySVG = file_get_contents($file->getRealPath()); - $cleanSVG = $sanitizer->sanitize($dirtySVG); - - try { - Storage::put('private_uploads/consumables/'.$file_name, $cleanSVG); - } catch (\Exception $e) { - \Log::debug('Upload no workie :( '); - \Log::debug($e); - } - - } else { - Storage::put('private_uploads/consumables/'.$file_name, file_get_contents($file)); - } + $file_name = $request->handleFile('private_uploads/consumables/','consumable-'.$consumable->id, $file); //Log the upload to the log $consumable->logUpload($file_name, e($request->input('notes'))); diff --git a/app/Http/Controllers/Licenses/LicenseFilesController.php b/app/Http/Controllers/Licenses/LicenseFilesController.php index f6f7c1ad0c..037d78d230 100644 --- a/app/Http/Controllers/Licenses/LicenseFilesController.php +++ b/app/Http/Controllers/Licenses/LicenseFilesController.php 
@@ -4,28 +4,27 @@ namespace App\Http\Controllers\Licenses; use App\Helpers\StorageHelper; use App\Http\Controllers\Controller; -use App\Http\Requests\AssetFileRequest; +use App\Http\Requests\UploadFileRequest; use App\Models\Actionlog; use App\Models\License; use Illuminate\Support\Facades\Response; use Illuminate\Support\Facades\Storage; use Symfony\Component\HttpFoundation\JsonResponse; -use enshrined\svgSanitize\Sanitizer; class LicenseFilesController extends Controller { /** * Validates and stores files associated with a license. * - * @todo Switch to using the AssetFileRequest form request validator. - * @author [A. Gianotto] [] - * @since [v1.0] - * @param AssetFileRequest $request + * @param UploadFileRequest $request * @param int $licenseId * @return \Illuminate\Http\RedirectResponse * @throws \Illuminate\Auth\Access\AuthorizationException + *@author [A. Gianotto] [] + * @since [v1.0] + * @todo Switch to using the AssetFileRequest form request validator. */ - public function store(AssetFileRequest $request, $licenseId = null) + public function store(UploadFileRequest $request, $licenseId = null) { $license = License::find($licenseId); 
@@ -38,30 +37,7 @@ class LicenseFilesController extends Controller } foreach ($request->file('file') as $file) { - - $extension = $file->getClientOriginalExtension(); - $file_name = 'license-'.$license->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension; - - - // Check for SVG and sanitize it - if ($extension == 'svg') { - \Log::debug('This is an SVG'); - \Log::debug($file_name); - - $sanitizer = new Sanitizer(); - $dirtySVG = file_get_contents($file->getRealPath()); - $cleanSVG = $sanitizer->sanitize($dirtySVG); - - try { - Storage::put('private_uploads/licenses/'.$file_name, $cleanSVG); - } catch (\Exception $e) { - \Log::debug('Upload no workie :( '); - \Log::debug($e); - } - - } else { - Storage::put('private_uploads/licenses/'.$file_name, file_get_contents($file)); - } + $file_name = $request->handleFile('private_uploads/licenses/','license-'.$license->id, $file); //Log the upload to the log $license->logUpload($file_name, e($request->input('notes'))); diff --git a/app/Http/Controllers/Users/UserFilesController.php b/app/Http/Controllers/Users/UserFilesController.php index 0b787306f9..87213f2498 100644 --- a/app/Http/Controllers/Users/UserFilesController.php +++ b/app/Http/Controllers/Users/UserFilesController.php @@ -4,14 +4,13 @@ namespace App\Http\Controllers\Users; use App\Helpers\StorageHelper; use App\Http\Controllers\Controller; -use App\Http\Requests\AssetFileRequest; +use App\Http\Requests\UploadFileRequest; use App\Models\Actionlog; use App\Models\User; use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Input; use Illuminate\Support\Facades\Response; use Symfony\Component\HttpFoundation\JsonResponse; -use enshrined\svgSanitize\Sanitizer; use Illuminate\Support\Facades\Storage; class UserFilesController extends Controller 
@@ -19,14 +18,14 @@ class UserFilesController extends Controller /** * Return JSON response with a list of user details for the getIndex() view. * - * @author [A. Gianotto] [] - * @since [v1.6] - * @param AssetFileRequest $request + * @param UploadFileRequest $request * @param int $userId * @return string JSON * @throws \Illuminate\Auth\Access\AuthorizationException + *@author [A. Gianotto] [] + * @since [v1.6] */ - public function store(AssetFileRequest $request, $userId = null) + public function store(UploadFileRequest $request, $userId = null) { $user = User::find($userId); $destinationPath = config('app.private_uploads').'/users'; @@ -41,31 +40,7 @@ class UserFilesController extends Controller return redirect()->back()->with('error', trans('admin/users/message.upload.nofiles')); } foreach ($files as $file) { - - $extension = $file->getClientOriginalExtension(); - $file_name = 'user-'.$user->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension; - - - // Check for SVG and sanitize it - if ($extension == 'svg') { - \Log::debug('This is an SVG'); - \Log::debug($file_name); - - $sanitizer = new Sanitizer(); - - $dirtySVG = file_get_contents($file->getRealPath()); - $cleanSVG = $sanitizer->sanitize($dirtySVG); - - try { - Storage::put('private_uploads/users/'.$file_name, $cleanSVG); - } catch (\Exception $e) { - \Log::debug('Upload no workie :( '); - \Log::debug($e); - } - - } else { - Storage::put('private_uploads/users/'.$file_name, file_get_contents($file)); - } + $file_name = $request->handleFile('private_uploads/users/', 'user-'.$user->id, $file); //Log the uploaded file to the log $logAction = new Actionlog(); diff --git a/app/Http/Requests/AssetFileRequest.php b/app/Http/Requests/AssetFileRequest.php deleted file mode 100644 index 697b49f3d6..0000000000 --- a/app/Http/Requests/AssetFileRequest.php +++ /dev/null 
@@ -1,30 +0,0 @@ - 'required|mimes:png,gif,jpg,svg,jpeg,doc,docx,pdf,txt,zip,rar,xls,xlsx,lic,xml,rtf,json,webp|max:'.$max_file_size, - ]; - } -} diff --git a/app/Http/Requests/ImageUploadRequest.php b/app/Http/Requests/ImageUploadRequest.php index 09c8e3b583..6408b2b34b 100644 --- a/app/Http/Requests/ImageUploadRequest.php +++ b/app/Http/Requests/ImageUploadRequest.php @@ -103,7 +103,25 @@ class ImageUploadRequest extends Request \Log::info('File name will be: '.$file_name); \Log::debug('File extension is: '.$ext); - if (($image->getClientOriginalExtension() !== 'webp') && ($image->getClientOriginalExtension() !== 'svg')) { + if ($image->getMimeType() == 'image/webp') { + // If the file is a webp, we need to just move it since webp support + // needs to be compiled into gd for resizing to be available + + \Log::debug('This is a webp, just move it'); + Storage::disk('public')->put($path.'/'.$file_name, file_get_contents($image)); + } elseif($image->getMimeType() == 'image/svg+xml') { + // If the file is an SVG, we need to clean it and NOT encode it + \Log::debug('This is an SVG'); + $sanitizer = new Sanitizer(); + $dirtySVG = file_get_contents($image->getRealPath()); + $cleanSVG = $sanitizer->sanitize($dirtySVG); + + try { + Storage::disk('public')->put($path . '/' . $file_name, $cleanSVG); + } catch (\Exception $e) { + \Log::debug($e); + } + } else { \Log::debug('Not an SVG or webp - resize'); \Log::debug('Trying to upload to: '.$path.'/'.$file_name); 
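Review bot: The SVG branch in ImageUploadRequest writes whatever `$sanitizer->sanitize()` returns to the public disk and swallows any storage exception with `\Log::debug($e)`, so the request carries on as if the image had been saved. As far as I know the sanitizer returns false when the XML cannot be parsed, and that case should be treated as a rejected upload rather than stored. A minimal guard before the put is `if ($cleanSVG === false) { throw new \RuntimeException('SVG could not be sanitized'); }`, and the catch should log at error level or rethrow instead of logging at debug only. The same pattern is repeated in the new `handleFile()` in UploadFileRequest.php, where the returned name is then passed to `logUpload()` by every controller in this commit, so the action log can reference a file that was never written. The enclosing method starts above this hunk and the else branch continues below it.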
@@ -125,25 +143,6 @@ class ImageUploadRequest extends Request // This requires a string instead of an object, so we use ($string) Storage::disk('public')->put($path.'/'.$file_name, (string) $upload->encode()); - } else { - // If the file is a webp, we need to just move it since webp support - // needs to be compiled into gd for resizing to be available - if ($image->getClientOriginalExtension() == 'webp') { - \Log::debug('This is a webp, just move it'); - Storage::disk('public')->put($path.'/'.$file_name, file_get_contents($image)); - // If the file is an SVG, we need to clean it and NOT encode it - } else { - \Log::debug('This is an SVG'); - $sanitizer = new Sanitizer(); - $dirtySVG = file_get_contents($image->getRealPath()); - $cleanSVG = $sanitizer->sanitize($dirtySVG); - - try { - Storage::disk('public')->put($path.'/'.$file_name, $cleanSVG); - } catch (\Exception $e) { - \Log::debug($e); - } - } } // Remove Current image if exists diff --git a/app/Http/Requests/UploadFileRequest.php b/app/Http/Requests/UploadFileRequest.php new file mode 100644 index 0000000000..74d33d58eb --- /dev/null +++ b/app/Http/Requests/UploadFileRequest.php 
@@ -0,0 +1,70 @@ + 'required|mimes:png,gif,jpg,svg,jpeg,doc,docx,pdf,txt,zip,rar,xls,xlsx,lic,xml,rtf,json,webp|max:'.$max_file_size, + ]; + } + + /** + * Sanitizes (if needed) and Saves a file to the appropriate location + * Returns the 'short' (storage-relative) filename + * + * TODO - this has a lot of similarities to UploadImageRequest's handleImage; is there + * a way to merge them or extend one into the other? + */ + public function handleFile(string $dirname, string $name_prefix, $file): string + { + $extension = $file->getClientOriginalExtension(); + $file_name = $name_prefix.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$file->guessExtension(); + + + \Log::debug("Your filetype IS: ".$file->getMimeType()); + // Check for SVG and sanitize it + if ($file->getMimeType() === 'image/svg+xml') { + \Log::debug('This is an SVG'); + \Log::debug($file_name); + + $sanitizer = new Sanitizer(); + $dirtySVG = file_get_contents($file->getRealPath()); + $cleanSVG = $sanitizer->sanitize($dirtySVG); + + try { + Storage::put($dirname.$file_name, $cleanSVG); + } catch (\Exception $e) { + \Log::debug('Upload no workie :( '); + \Log::debug($e); + } + + } else { + $put_results = Storage::put($dirname.$file_name, file_get_contents($file)); + \Log::debug("Here are the '$put_results' (should be 0 or 1 or true or false or something?)"); + } + return $file_name; + } +} diff --git a/resources/views/partials/forms/edit/image-upload.blade.php b/resources/views/partials/forms/edit/image-upload.blade.php index 577f90eaac..8e8419b4cd 100644 --- a/resources/views/partials/forms/edit/image-upload.blade.php +++ b/resources/views/partials/forms/edit/image-upload.blade.php @@ -36,7 +36,7 @@ {!! $errors->first('image', '') !!}
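Review bot: In handleFile() the SVG sanitizer now runs only when `getMimeType()` is exactly `image/svg+xml`, while the `mimes:` rule above also admits `xml` and `txt`, so an SVG document that content sniffing classifies as generic XML or plain text would be stored unsanitized. Whether that is exploitable depends on how files under `private_uploads` are served back, which is not visible here, but a cheap belt-and-braces check is `if ($file->getMimeType() === 'image/svg+xml' || strtolower($extension) === 'svg') {`. The stored suffix comes from `$file->guessExtension()`, which returns null when the MIME type cannot be mapped and would leave the name ending in a bare dot; a fixed fallback such as `$file->guessExtension() ?? 'bin'` avoids that without trusting the client extension. The docblock's TODO also names `UploadImageRequest`, whereas the class touched in this commit is `ImageUploadRequest`. The docblock should also state that the returned name is not proof the file was stored, given that storage failures are only logged.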