diff --git a/app/Http/Controllers/Accessories/AccessoriesFilesController.php b/app/Http/Controllers/Accessories/AccessoriesFilesController.php
index 939ab81260..6a94a897af 100644
--- a/app/Http/Controllers/Accessories/AccessoriesFilesController.php
+++ b/app/Http/Controllers/Accessories/AccessoriesFilesController.php
@@ -146,7 +146,7 @@ class AccessoriesFilesController extends Controller
 $this->authorize('view', $accessory);
 $this->authorize('accessories.files', $accessory);
- if (! $log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $accessory->id)->first()) {
+ if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $accessory->id)->find($fileId)) {
 return redirect()->route('accessories.index')->with('error', trans('admin/users/message.log_record_not_found'));
 }
diff --git a/app/Http/Controllers/Assets/AssetFilesController.php b/app/Http/Controllers/Assets/AssetFilesController.php
index cfe8055bd6..610705c604 100644
--- a/app/Http/Controllers/Assets/AssetFilesController.php
+++ b/app/Http/Controllers/Assets/AssetFilesController.php
@@ -86,7 +86,7 @@ class AssetFilesController extends Controller
 if (isset($asset->id)) {
 $this->authorize('view', $asset);
- if (! $log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $asset->id)->first()) {
+ if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $asset->id)->find($fileId)) {
 return response('No matching record for that asset/file', 500)
 ->header('Content-Type', 'text/plain');
 }
diff --git a/app/Http/Controllers/Components/ComponentsFilesController.php b/app/Http/Controllers/Components/ComponentsFilesController.php
index d46dc05f9c..0f4e782aa8 100644
--- a/app/Http/Controllers/Components/ComponentsFilesController.php
+++ b/app/Http/Controllers/Components/ComponentsFilesController.php
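Review bot: The rewritten lookup in AccessoriesFilesController filters on `item_id` alone, so the log row is still not tied to the kind of item whose `authorize` checks have just run. If Actionlog rows for accessories, assets, components, consumables, licenses and users share one table with a type column next to `item_id` (the model is not visible in this diff, so confirm), a file logged against a different item type with the same numeric id would satisfy this query. Scoping by type as well, for example `->where('item_type', Accessory::class)` ahead of `->find($fileId)`, would close that gap. The same applies to the equivalent new line in the Asset, Components, Consumables, License and User controllers in this commit. A regression test that requests a file id belonging to another item would pin the behaviour; the enclosing methods start and end outside these hunks.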
@@ -142,7 +142,7 @@ class ComponentsFilesController extends Controller
 $this->authorize('view', $component);
 $this->authorize('components.files', $component);
- if (! $log = Actionlog::find($fileId)) {
+ if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $component->id)->find($fileId)) {
 return response('No matching record for that asset/file', 500)
 ->header('Content-Type', 'text/plain');
 }
diff --git a/app/Http/Controllers/Consumables/ConsumablesFilesController.php b/app/Http/Controllers/Consumables/ConsumablesFilesController.php
index 4d9d1d5f7d..6053e82cca 100644
--- a/app/Http/Controllers/Consumables/ConsumablesFilesController.php
+++ b/app/Http/Controllers/Consumables/ConsumablesFilesController.php
@@ -140,7 +140,7 @@ class ConsumablesFilesController extends Controller
 $this->authorize('view', $consumable);
 $this->authorize('consumables.files', $consumable);
- if (! $log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $consumable->id)->first()) {
+ if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $consumable->id)->find($fileId)) {
 return response('No matching record for that asset/file', 500)
 ->header('Content-Type', 'text/plain');
 }
diff --git a/app/Http/Controllers/Licenses/LicenseFilesController.php b/app/Http/Controllers/Licenses/LicenseFilesController.php
index 83fbc04903..f6f7c1ad0c 100644
--- a/app/Http/Controllers/Licenses/LicenseFilesController.php
+++ b/app/Http/Controllers/Licenses/LicenseFilesController.php
@@ -137,7 +137,7 @@ class LicenseFilesController extends Controller
 $this->authorize('view', $license);
 $this->authorize('licenses.files', $license);
- if (! $log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $license->id)->first()) {
+ if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $license->id)->find($fileId)) {
 return response('No matching record for that asset/file', 500)
 ->header('Content-Type', 'text/plain');
 }
diff --git a/app/Http/Controllers/Users/UserFilesController.php b/app/Http/Controllers/Users/UserFilesController.php index d0778dd570..0b787306f9 100644 --- a/app/Http/Controllers/Users/UserFilesController.php +++ b/app/Http/Controllers/Users/UserFilesController.php @@ -136,6 +136,11 @@ class UserFilesController extends Controller */ public function show($userId = null, $fileId = null) { + + if (empty($fileId)) { + return redirect()->route('users.show')->with('error', 'Invalid file request'); + } + $user = User::find($userId); // the license is valid @@ -143,7 +148,7 @@ class UserFilesController extends Controller $this->authorize('view', $user); - if ($log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $user->id)->first()) { + if ($log = Actionlog::whereNotNull('filename')->where('item_id', $user->id)->find($fileId)) { // Display the file inline if (request('inline') == 'true') {
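Review bot: The new early return at the top of `show()` calls `route('users.show')` with no user argument. If that route has a required user parameter (its definition is not in this diff), URL generation will throw and the guard will surface as a server error instead of the intended flash message. Redirecting to a parameterless route such as the users index, or passing the id when it is present, avoids that. The message `'Invalid file request'` is also hard-coded, while the accessories controller in this commit uses `trans(...)`; a translation key would keep the two consistent. `show()` continues past the end of the hunk.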