From f8b80854a727aa49bc2217ecb239510f610d3bc6 Mon Sep 17 00:00:00 2001 From: pxpm Date: Mon, 18 Nov 2024 13:02:33 +0000 Subject: [PATCH 1/2] prevent mime type tampering --- src/BackpackElfinderController.php | 38 ++++++++++++++++++++++++++++++ src/FileManagerServiceProvider.php | 6 +++++ 2 files changed, 44 insertions(+) create mode 100644 src/BackpackElfinderController.php diff --git a/src/BackpackElfinderController.php b/src/BackpackElfinderController.php new file mode 100644 index 0000000..50975dc --- /dev/null +++ b/src/BackpackElfinderController.php @@ -0,0 +1,38 @@ +merge(['mimes' => urlencode(serialize($mimes))]); + if (! empty($mimes)) { + request()->merge(['mimes' => urlencode(serialize($mimes))]); + } else { + request()->merge(['mimes' => '']); + } + + return $this->app['view'] + ->make($this->package.'::standalonepopup') + ->with($this->getViewVars()) + ->with(compact('input_id')); + } +} diff --git a/src/FileManagerServiceProvider.php b/src/FileManagerServiceProvider.php index dee8506..04f69cf 100644 --- a/src/FileManagerServiceProvider.php +++ b/src/FileManagerServiceProvider.php @@ -4,6 +4,7 @@ use Illuminate\Support\Facades\Config; use Illuminate\Support\ServiceProvider; +use Barryvdh\Elfinder\ElfinderController; class FileManagerServiceProvider extends ServiceProvider { @@ -27,6 +28,11 @@ public function boot() } } + public function register() + { + $this->app->bind(ElfinderController::class, BackpackElfinderController::class); + } + /** * Console-specific booting. * From b6d85c98cef61045bc985f8936e9d886f2a24d81 Mon Sep 17 00:00:00 2001 From: StyleCI Bot Date: Mon, 18 Nov 2024 13:02:46 +0000 Subject: [PATCH 2/2] Apply fixes from StyleCI --- config/elfinder.php | 2 +- src/FileManagerServiceProvider.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/elfinder.php b/config/elfinder.php index fbb0c48..d6e50e0 100644 --- a/config/elfinder.php +++ b/config/elfinder.php 
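Review bot: The unconditional `merge(['mimes' => urlencode(serialize($mimes))]);` just before `if (! empty($mimes))` in src/BackpackElfinderController.php is dead code, because both branches of the if/else that follows set `mimes` again; drop that line so the value is assigned in one place only. The start of this new file, including how `$mimes` is obtained and checked, is not visible on this page, so the tamper check itself cannot be reviewed from here. Because the value is PHP-serialized and travels on through the request, I would add a comment above the block such as `// mimes is server-generated at this point; never unserialize a client-supplied value downstream`. If the code that decodes it is under this package's control, it should use `unserialize($value, ['allowed_classes' => false])` or a JSON encoding instead.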
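Review bot: The new `register()` method in src/FileManagerServiceProvider.php has no docblock, although the method after it carries one ("Console-specific booting."), and nothing records that this single `bind()` is the only thing wiring in the fix. The replacement controller takes effect only when the popup route's controller is resolved through the container under `ElfinderController::class`. That presumably holds for the vendor route, but an application that points the route at its own controller would bypass the check without any signal. I would add a docblock along the lines of `/** Swap the vendor elFinder controller for BackpackElfinderController so the popup's mimes parameter cannot be tampered with. */` and a test asserting that `app(ElfinderController::class)` returns a `BackpackElfinderController`. The class body continues outside the hunk.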
@@ -39,7 +39,7 @@ */ 'route' => [ - 'prefix' => config('backpack.base.route_prefix', 'admin').'/elfinder', + 'prefix' => config('backpack.base.route_prefix', 'admin').'/elfinder', 'middleware' => ['web', config('backpack.base.middleware_key', 'admin')], //Set to null to disable middleware filter ], diff --git a/src/FileManagerServiceProvider.php b/src/FileManagerServiceProvider.php index 04f69cf..feb2afb 100644 --- a/src/FileManagerServiceProvider.php +++ b/src/FileManagerServiceProvider.php @@ -2,9 +2,9 @@ namespace Backpack\FileManager; +use Barryvdh\Elfinder\ElfinderController; use Illuminate\Support\Facades\Config; use Illuminate\Support\ServiceProvider; -use Barryvdh\Elfinder\ElfinderController; class FileManagerServiceProvider extends ServiceProvider { @@ -46,11 +46,11 @@ protected function bootForConsole() ], 'views'); $this->publishes([ - __DIR__.'/../config/elfinder.php' => config_path('elfinder.php'), + __DIR__.'/../config/elfinder.php' => config_path('elfinder.php'), ], 'config'); $this->publishes([ - __DIR__.'/../public/packages/backpack/filemanager/themes/Backpack' => public_path('packages/backpack/filemanager/themes/Backpack'), + __DIR__.'/../public/packages/backpack/filemanager/themes/Backpack' => public_path('packages/backpack/filemanager/themes/Backpack'), ], 'public'); // Registering package commands.