Module upload validation (#857)

https://huntr.dev/bounties/cb9a0393-be34-4021-a06c-00c7791c7622/
theWorstComrade
2022-03-29 09:25:35 +02:00
committed by GitHub
parent 4e7441a5cf
commit 7cde971f8b
4 changed files with 83 additions and 6 deletions


@ -3,18 +3,18 @@
namespace Crater\Http\Controllers\V1\Admin\Modules; namespace Crater\Http\Controllers\V1\Admin\Modules;
use Crater\Http\Controllers\Controller; use Crater\Http\Controllers\Controller;
use Crater\Http\Requests\UnzipUpdateRequest;
use Crater\Space\ModuleInstaller; use Crater\Space\ModuleInstaller;
use Illuminate\Http\Request;
class UnzipModuleController extends Controller class UnzipModuleController extends Controller
{ {
/** /**
* Handle the incoming request. * Handle the incoming request.
* *
* @param \Illuminate\Http\Request $request * @param \Crater\Http\Requests\UnzipUpdateRequest $request
* @return \Illuminate\Http\Response * @return \Illuminate\Http\Response
*/ */
public function __invoke(Request $request) public function __invoke(UnzipUpdateRequest $request)
{ {
$this->authorize('manage modules'); $this->authorize('manage modules');
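Review bot: Because `authorize()` in both new request classes returns `true`, the validation rules now run before `$this->authorize('manage modules')` in `__invoke`, here and in UploadModuleController, so a caller without that permission gets validation feedback (and the upload is inspected) before the 403. Moving the check into the request, e.g. `return $this->user()->can('manage modules');` in `authorize()`, would make it run first, assuming the ability resolves the same way through the gate. The body of `__invoke` continues outside this section.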


@ -3,18 +3,18 @@
namespace Crater\Http\Controllers\V1\Admin\Modules; namespace Crater\Http\Controllers\V1\Admin\Modules;
use Crater\Http\Controllers\Controller; use Crater\Http\Controllers\Controller;
use Crater\Http\Requests\UploadModuleRequest;
use Crater\Space\ModuleInstaller; use Crater\Space\ModuleInstaller;
use Illuminate\Http\Request;
class UploadModuleController extends Controller class UploadModuleController extends Controller
{ {
/** /**
* Handle the incoming request. * Handle the incoming request.
* *
* @param \Illuminate\Http\Request $request * @param \Crater\Http\Requests\UploadModuleRequest $request
* @return \Illuminate\Http\Response * @return \Illuminate\Http\Response
*/ */
public function __invoke(Request $request) public function __invoke(UploadModuleRequest $request)
{ {
$this->authorize('manage modules'); $this->authorize('manage modules');


@ -0,0 +1,37 @@
<?php
namespace Crater\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class UnzipUpdateRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return true;
}
/**
* Get the validation rules that apply to the request.
*
* @return array
*/
public function rules()
{
return [
'path' => [
'required',
'regex:/^[\.\/\w\-]+$/'
],
'module' => [
'required',
'string'
]
];
}
}
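Review bot: The `path` rule `regex:/^[\.\/\w\-]+$/` still accepts `..` segments and a leading `/`, so on its own it does not keep the value inside the directory where the uploaded archive was stored. The code that consumes `path` is outside this section; it should canonicalise the value (for example with `realpath()`) and reject anything that does not resolve under the expected temporary directory, or the rule should refuse `..` explicitly. In PCRE `$` also matches before a trailing newline, so anchoring with `\A` and `\z` is tighter: `'regex:/\A[\.\/\w\-]+\z/'`. `module` here has no `max:100`, unlike the same field in UploadModuleRequest.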


@ -0,0 +1,40 @@
<?php
namespace Crater\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class UploadModuleRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return true;
}
/**
* Get the validation rules that apply to the request.
*
* @return array
*/
public function rules()
{
return [
'avatar' => [
'required',
'file',
'mimes:zip',
'max:20000'
],
'module' => [
'required',
'string',
'max:100'
]
];
}
}
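Review bot: `module` is only constrained to `string` and `max:100`, so characters such as `/` and `.` pass; if ModuleInstaller uses the value to build a file or directory name (not visible here), a character allow-list like the one applied to `path` belongs on this field too, e.g. `'regex:/\A[\w\-]+\z/'` if module names fit that set. `mimes:zip` and `max:20000` check the detected type and the compressed size (in kilobytes) of the upload, not the entries inside the archive, so entry names and total extracted size still need checking where the archive is unpacked. A short comment above the `avatar` rules saying that the key holds the module archive would help, since the name suggests an image.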