File type validation when importing userdata

Julian Prieber 2024-02-06 23:00:39 +01:00
parent cec01d3d02
commit 97299ae627
1 changed files with 9 additions and 2 deletions


@ -1144,17 +1144,24 @@ class UserController extends Controller
$sanitizedText = strip_tags_except_allowed_protocols($sanitizedText); $sanitizedText = strip_tags_except_allowed_protocols($sanitizedText);
$user->littlelink_description = $sanitizedText; $user->littlelink_description = $sanitizedText;
} }
$allowedExtensions = array('jpeg', 'jpg', 'png', 'webp');
$userExtension = strtolower($userData['image_extension']);
if (isset($userData['image_data'])) { if (isset($userData['image_data'])) {
if (in_array($userExtension, $allowedExtensions)) {
// Decode the image data from Base64 // Decode the image data from Base64
$imageData = base64_decode($userData['image_data']); $imageData = base64_decode($userData['image_data']);
// Save the image to the correct path with the correct file name and extension // Save the image to the correct path with the correct file name and extension
$filename = $user->id . '.' . $userData['image_extension']; $filename = $user->id . '.' . $userExtension;
file_put_contents(base_path('img/' . $filename), $imageData); file_put_contents(base_path('assets/img/' . $filename), $imageData);
// Update the user's image field with the correct file name // Update the user's image field with the correct file name
$user->image = $filename; $user->image = $filename;
}
} }
$user->save(); $user->save();
// Delete all links for the authenticated user // Delete all links for the authenticated user
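Review bot: The new allowlist constrains only the file name; the bytes passed to `file_put_contents` are still whatever the import file carried, so a non-image payload named `.png` is written to `assets/img/` (presumably a web-served directory) without any content check. Decoding strictly and verifying the content before the write would close that gap, e.g. `$imageData = base64_decode($userData['image_data'], true);` followed by `if ($imageData !== false && getimagesizefromstring($imageData) !== false) {` around the write. Separately, `strtolower($userData['image_extension'])` runs above the `isset($userData['image_data'])` guard, so an import without that key raises an undefined-index warning; `strtolower($userData['image_extension'] ?? '')` or moving the line inside the guard avoids it, and `in_array($userExtension, $allowedExtensions, true)` makes the comparison strict. A disallowed extension is skipped silently, which may be intended but leaves no log entry or user feedback for a rejected upload. The enclosing method starts and ends outside this hunk.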