From 2641c02c3ecf77439e960e987ed305def1e84d2f Mon Sep 17 00:00:00 2001
From: pxpm <pxpm88@gmail.com>
Date: Mon, 4 Nov 2024 18:14:19 +0000
Subject: [PATCH 1/4] fix serialization of mime types

---
 resources/views/standalonepopup.blade.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/resources/views/standalonepopup.blade.php b/resources/views/standalonepopup.blade.php
index 37f3af4..4bc07fa 100644
--- a/resources/views/standalonepopup.blade.php
+++ b/resources/views/standalonepopup.blade.php
@@ -1,3 +1,11 @@
+@php
+try {
+    $mimes = json_encode(Crypt::decrypt(urldecode(request('mimes'))), JSON_UNESCAPED_SLASHES);
+} catch (\Exception $e) {
+    Log::error('Someone attempted to tamper with mime types in elfinder popup. The attempt was blocked.');
+    $mimes = json_encode([]);
+}
+@endphp
 <!DOCTYPE html>
 <html lang="{{ app()->getLocale() }}">
     <head>
@@ -32,7 +40,7 @@
                     url: '{{ route("elfinder.connector") }}',  // connector URL
                     soundPath: '{{ Basset::getUrl(base_path("vendor/studio-42/elfinder/sounds")) }}',
                     resizable: false,
-                    onlyMimes: @json(unserialize(urldecode(request('mimes'))), JSON_UNESCAPED_SLASHES),
+                    onlyMimes: {!! $mimes !!},
                     commandsOptions: {
                         getfile: {
                             multiple: {{ request('multiple') ? 'true' : 'false' }},

From ac1097604210ae29657e5b0a9ae270f0d20c77fc Mon Sep 17 00:00:00 2001
From: pxpm <pxpm88@gmail.com>
Date: Tue, 5 Nov 2024 11:55:15 +0000
Subject: [PATCH 2/4] wip

---
 src/BackpackElfinderController.php | 28 ++++++++++++++++++++++++++++
 src/FileManagerServiceProvider.php |  8 +++++++-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 src/BackpackElfinderController.php

diff --git a/src/BackpackElfinderController.php b/src/BackpackElfinderController.php
new file mode 100644
index 0000000..6852a00
--- /dev/null
+++ b/src/BackpackElfinderController.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace Backpack\FileManager;
+
+use Illuminate\Support\Facades\Crypt;
+use Illuminate\Support\Facades\Log;
+
+class BackpackElfinderController extends \Barryvdh\Elfinder\ElfinderController
+{
+    public function showPopup($input_id)
+    {
+        $mimes = request('mimes');
+
+        try {
+            $mimes = Crypt::decrypt(urldecode(request('mimes')));
+        } catch (\Illuminate\Contracts\Encryption\DecryptException $e) {
+            Log::error('Someone attempted to tamper with mime types in elfinder popup. The attempt was blocked.');
+            abort(403, 'Unauthorized action.');
+        }
+
+        request()->merge(['mimes' => urlencode(serialize( $mimes))]);
+
+        return $this->app['view']
+            ->make($this->package.'::standalonepopup')
+            ->with($this->getViewVars())
+            ->with(compact('input_id'));
+    }
+}
diff --git a/src/FileManagerServiceProvider.php b/src/FileManagerServiceProvider.php
index 11a37a4..a426fa0 100644
--- a/src/FileManagerServiceProvider.php
+++ b/src/FileManagerServiceProvider.php
@@ -3,13 +3,14 @@
 namespace Backpack\FileManager;
 
 use Backpack\Basset\Facades\Basset;
+use Barryvdh\Elfinder\ElfinderController;
 use Illuminate\Support\Facades\Config;
 use Illuminate\Support\ServiceProvider;
 
 class FileManagerServiceProvider extends ServiceProvider
 {
     protected $commands = [
-        \Backpack\FileManager\Console\Commands\Install::class,
+        Console\Commands\Install::class,
     ];
 
     /**
@@ -25,6 +26,11 @@ public function boot()
         }
     }
 
+    public function register()
+    {
+        $this->app->bind(ElfinderController::class, BackpackElfinderController::class);
+    }
+
     /**
      * Console-specific booting.
      *

From a73976f2a2e94bf6e3e9058a35d95d5bc07941ed Mon Sep 17 00:00:00 2001
From: StyleCI Bot <bot@styleci.io>
Date: Tue, 5 Nov 2024 11:55:28 +0000
Subject: [PATCH 3/4] Apply fixes from StyleCI

---
 src/BackpackElfinderController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/BackpackElfinderController.php b/src/BackpackElfinderController.php
index 6852a00..35dc848 100644
--- a/src/BackpackElfinderController.php
+++ b/src/BackpackElfinderController.php
@@ -18,7 +18,7 @@ public function showPopup($input_id)
             abort(403, 'Unauthorized action.');
         }
 
-        request()->merge(['mimes' => urlencode(serialize( $mimes))]);
+        request()->merge(['mimes' => urlencode(serialize($mimes))]);
 
         return $this->app['view']
             ->make($this->package.'::standalonepopup')

From 4bb4b2422c6bed8c9435fb4bb81b0dc95cb5c734 Mon Sep 17 00:00:00 2001
From: pxpm <pxpm88@gmail.com>
Date: Tue, 5 Nov 2024 11:56:17 +0000
Subject: [PATCH 4/4] wip

---
 resources/views/standalonepopup.blade.php | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/resources/views/standalonepopup.blade.php b/resources/views/standalonepopup.blade.php
index 4bc07fa..37f3af4 100644
--- a/resources/views/standalonepopup.blade.php
+++ b/resources/views/standalonepopup.blade.php
@@ -1,11 +1,3 @@
-@php
-try {
-    $mimes = json_encode(Crypt::decrypt(urldecode(request('mimes'))), JSON_UNESCAPED_SLASHES);
-} catch (\Exception $e) {
-    Log::error('Someone attempted to tamper with mime types in elfinder popup. The attempt was blocked.');
-    $mimes = json_encode([]);
-}
-@endphp
 <!DOCTYPE html>
 <html lang="{{ app()->getLocale() }}">
     <head>
@@ -40,7 +32,7 @@
                     url: '{{ route("elfinder.connector") }}',  // connector URL
                     soundPath: '{{ Basset::getUrl(base_path("vendor/studio-42/elfinder/sounds")) }}',
                     resizable: false,
-                    onlyMimes: {!! $mimes !!},
+                    onlyMimes: @json(unserialize(urldecode(request('mimes'))), JSON_UNESCAPED_SLASHES),
                     commandsOptions: {
                         getfile: {
                             multiple: {{ request('multiple') ? 'true' : 'false' }},