Commit 9c72480d authored by Florian Vick's avatar Florian Vick 👋🏻

Merge branch '16-fileupload-symlinks-cause-upload-to-fail' into 'master'

Resolve "FileUpload: Symlinks cause upload to fail"

Closes #16

See merge request !16
parents 920c0b18 e8074e11
......@@ -4,11 +4,15 @@ declare(strict_types = 1);
namespace RoflCopter24\SymfonyLivewireBundle\Controller;
use JsonException;
use Psr\Log\LoggerInterface;
use RoflCopter24\SymfonyLivewireBundle\Entity\LivewireRequestData;
use RoflCopter24\SymfonyLivewireBundle\Exception\ComponentNotFoundException;
use RoflCopter24\SymfonyLivewireBundle\Manager\LifecycleManager;
use RoflCopter24\SymfonyLivewireBundle\Service\SettingsService;
use RoflCopter24\SymfonyLivewireBundle\Util\TemporaryFileUtil;
use Safe\Exceptions\FilesystemException;
use function Safe\realpath;
use function Safe\json_decode;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
use Symfony\Component\HttpFoundation\Exception\BadRequestException;
......@@ -30,21 +34,23 @@ class ApiController extends AbstractController
* @var SettingsService
*/
private SettingsService $settingsService;
private LoggerInterface $logger;
public function __construct(ParameterBagInterface $parameterBag, SettingsService $settingsService)
public function __construct(ParameterBagInterface $parameterBag, SettingsService $settingsService, LoggerInterface $logger)
{
$this->appParameters = $parameterBag;
$this->settingsService = $settingsService;
$this->logger = $logger;
}
/**
* @Route("/message/{name}", name="message", methods={"POST"})
* @param string $name Name of the livewire component.
* @param Request $request Request object for the request.
* @param string $name Name of the livewire component.
* @param Request $request Request object for the request.
* @param LifecycleManager $lifecycleManager The LifecycleManager used to manage the components.
* @return JsonResponse The resulting message back to the frontend.
* @throws JsonException When parsing of the request body failed.
* @throws ComponentNotFoundException When the component with the given name/id is not found in the container.
* @throws \Safe\Exceptions\JsonException|JsonException When the json parsing failed
*/
public function message(string $name, Request $request, LifecycleManager $lifecycleManager): JsonResponse
{
......@@ -71,6 +77,13 @@ class ApiController extends AbstractController
$files = $request->files->get('files');
$storagePath = $this->appParameters->get('kernel.project_dir').$this->settingsService->getUploadDir();
try {
// try to use realpath to resolve any symlinks we come across.
$resolvedPath = realpath($storagePath);
$storagePath = $resolvedPath;
} catch (FilesystemException $e) {
$this->logger->error('[LivewireApiController] upload: Resolving of path failed with: '. $e->getMessage(), $e->getTrace());
}
$fileHashParts = collect($files)
->map(function (UploadedFile $file) use ($storagePath) {
......@@ -78,8 +91,10 @@ class ApiController extends AbstractController
return $file->move($storagePath, $filename)->getRealPath();
})
->map(function (string $path) use ($storagePath) {
// remove the upload directory path and keep only the "/filename.ext" part.
return str_replace($storagePath, '', $path);
});
return $this->json(['paths' => $fileHashParts]);
}
......
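Review bot: When `realpath()` throws in the upload hunk, the catch block only logs and the code carries on with the unresolved `$storagePath`, so the later `str_replace($storagePath, '', $path)` may no longer match the value from `getRealPath()` and the JSON response can then hand the client the absolute server path. Treat the failure as fatal for the request (rethrow, or return an error response from the catch) rather than falling through. Independently of that, the returned value should not depend on stripping a prefix, because `str_replace` removes every occurrence and `getRealPath()` can return `false`, which the `string $path` closure rejects under `strict_types`; `return '/'.basename($path);` yields the "/filename.ext" form the comment describes. Passing `['exception' => $e]` as the log context instead of `$e->getTrace()` follows the PSR-3 convention. The upload action starts outside the visible hunks, so this assumes nothing earlier already validates or creates the directory.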