archive/BookStackApp_BookStack
0
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-04-30 06:30:03 +00:00
Code Issues Projects Releases Wiki Activity

Fixed app logo visibility with secure_restricted images

Browse source 
Includes test to cover.
For
This commit is contained in:
Dan Brown 2022-11-10 14:15:59 +00:00
parent 832356d56e
commit d2260b234c
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9
2 changed files with 23 additions and 5 deletions
app/Uploads
ImageService.php
tests/Uploads
ImageTest.php

9
app/Uploads/ImageService.php
View file

@ -88,16 +88,17 @@ class ImageService
protected function getStorageDiskName(string $imageType): string protected function getStorageDiskName(string $imageType): string
{ {
$storageType = config('filesystems.images'); $storageType = config('filesystems.images');
$localSecureInUse = ($storageType === 'local_secure' || $storageType === 'local_secure_restricted');
// Ensure system images (App logo) are uploaded to a public space // Ensure system images (App logo) are uploaded to a public space
if ($imageType === 'system' && $storageType === 'local_secure') { if ($imageType === 'system' && $localSecureInUse) {
$storageType = 'local'; return 'local';
} }
// Rename local_secure options to get our image specific storage driver which // Rename local_secure options to get our image specific storage driver which
// is scoped to the relevant image directories. // is scoped to the relevant image directories.
if ($storageType === 'local_secure' || $storageType === 'local_secure_restricted') { if ($localSecureInUse) {
$storageType = 'local_secure_images'; return 'local_secure_images';
} }
return $storageType; return $storageType;

19
tests/Uploads/ImageTest.php
View file

@ -310,7 +310,7 @@ class ImageTest extends TestCase
} }
} }
public function test_system_images_remain_public() public function test_system_images_remain_public_with_local_secure()
{ {
config()->set('filesystems.images', 'local_secure'); config()->set('filesystems.images', 'local_secure');
$this->asAdmin(); $this->asAdmin();
@ -327,6 +327,23 @@ class ImageTest extends TestCase
} }
} }
public function test_system_images_remain_public_with_local_secure_restricted()
{
config()->set('filesystems.images', 'local_secure_restricted');
$this->asAdmin();
$galleryFile = $this->getTestImage('my-system-test-restricted-upload.png');
$expectedPath = public_path('uploads/images/system/' . date('Y-m') . '/my-system-test-restricted-upload.png');
$upload = $this->call('POST', '/settings/customization', [], [], ['app_logo' => $galleryFile], []);
$upload->assertRedirect('/settings/customization');
$this->assertTrue(file_exists($expectedPath), 'Uploaded image not found at path: ' . $expectedPath);
if (file_exists($expectedPath)) {
unlink($expectedPath);
}
}
public function test_secure_restricted_images_inaccessible_without_relation_permission() public function test_secure_restricted_images_inaccessible_without_relation_permission()
{ {
config()->set('filesystems.images', 'local_secure_restricted'); config()->set('filesystems.images', 'local_secure_restricted');