parent
09eeac3ed1
commit
20d13c9bd1
4 changed files with 28 additions and 2 deletions
|
@ -9,6 +9,7 @@ use League\Flysystem\FileNotFoundException;
|
|||
use League\Flysystem\Filesystem;
|
||||
use Psr\Http\Message\ResponseInterface as Response;
|
||||
use Psr\Http\Message\ServerRequestInterface as Request;
|
||||
use Slim\Exception\HttpBadRequestException;
|
||||
use Slim\Exception\HttpNotFoundException;
|
||||
use Slim\Exception\HttpUnauthorizedException;
|
||||
|
||||
|
@ -218,17 +219,23 @@ class UploadController extends Controller
|
|||
* @param Response $response
|
||||
* @param string $userCode
|
||||
* @param string $mediaCode
|
||||
* @param string|null $ext
|
||||
* @return Response
|
||||
* @throws FileNotFoundException
|
||||
* @throws HttpNotFoundException
|
||||
*/
|
||||
public function showRaw(Request $request, Response $response, string $userCode, string $mediaCode): Response
|
||||
public function showRaw(Request $request, Response $response, string $userCode, string $mediaCode, ?string $ext = null): Response
|
||||
{
|
||||
$media = $this->getMedia($userCode, $mediaCode);
|
||||
|
||||
if (!$media || !$media->published && $this->session->get('user_id') !== $media->user_id && !$this->session->get('admin', false)) {
|
||||
throw new HttpNotFoundException($request);
|
||||
}
|
||||
|
||||
if($ext !== null && pathinfo($media->filename, PATHINFO_EXTENSION) !== $ext){
|
||||
throw new HttpBadRequestException($request);
|
||||
}
|
||||
|
||||
return $this->streamMedia($request, $response, $this->storage, $media);
|
||||
}
|
||||
|
||||
|
|
|
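Review bot: The new extension check in `showRaw` compares `pathinfo($media->filename, PATHINFO_EXTENSION)` with `$ext` using a case-sensitive `!==`, so a file stored as `photo.JPG` and requested as `raw.jpg` is answered with a 400. If that is not intended, normalise both sides, e.g. `strtolower(pathinfo($media->filename, PATHINFO_EXTENSION)) !== strtolower($ext)`. The check is placed after the published/owner/admin test, which is the right order: a caller who may not see the media still gets only the 404 and learns nothing about the stored extension. The docblock gained `@param string|null $ext` but not the matching `* @throws HttpBadRequestException`.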
@ -5,6 +5,7 @@ namespace App\Exception\Handlers\Renderers;
|
|||
|
||||
|
||||
use App\Exceptions\UnderMaintenanceException;
|
||||
use Slim\Exception\HttpBadRequestException;
|
||||
use Slim\Exception\HttpForbiddenException;
|
||||
use Slim\Exception\HttpMethodNotAllowedException;
|
||||
use Slim\Exception\HttpNotFoundException;
|
||||
|
@ -40,6 +41,10 @@ class HtmlErrorRenderer implements ErrorRendererInterface
|
|||
return view()->string( 'errors/404.twig');
|
||||
}
|
||||
|
||||
if ($exception instanceof HttpBadRequestException) {
|
||||
return view()->string( 'errors/400.twig');
|
||||
}
|
||||
|
||||
return view()->string('errors/500.twig', ['exception' => $displayErrorDetails ? $exception : null]);
|
||||
}
|
||||
}
|
|
@ -66,5 +66,5 @@ $app->post('/upload', [UploadController::class, 'upload'])->setName('upload');
|
|||
$app->get('/{userCode}/{mediaCode}', [UploadController::class, 'show'])->setName('public');
|
||||
$app->get('/{userCode}/{mediaCode}/delete/{token}', [UploadController::class, 'show'])->setName('public.delete.show')->add(CheckForMaintenanceMiddleware::class);
|
||||
$app->post('/{userCode}/{mediaCode}/delete/{token}', [UploadController::class, 'deleteByToken'])->setName('public.delete')->add(CheckForMaintenanceMiddleware::class);
|
||||
$app->get('/{userCode}/{mediaCode}/raw', [UploadController::class, 'showRaw'])->setName('public.raw');
|
||||
$app->get('/{userCode}/{mediaCode}/raw[.{ext}]', [UploadController::class, 'showRaw'])->setName('public.raw');
|
||||
$app->get('/{userCode}/{mediaCode}/download', [UploadController::class, 'download'])->setName('public.download');
|
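Review bot: The new optional `{ext}` placeholder in the `public.raw` route carries no pattern, so (assuming the router's default placeholder pattern) it accepts any run of non-slash characters and hands it to the controller. The controller's strict comparison does reject mismatches, but constraining the segment at the route keeps unexpected input out of the handler, e.g. `'/{userCode}/{mediaCode}/raw[.{ext:[A-Za-z0-9]+}]'`. With that pattern a malformed suffix would get the router's 404 rather than the controller's 400, so confirm that is acceptable for clients.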
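--- /dev/null
+++ b/resources/templates/errors/400.twig
@@ -0,0 +1,14 @@
+{% extends 'base.twig' %}
+
+{% block title %}Forbidden{% endblock %}
+
+{% block content %}
+<div class="container-fluid mt-5">
+<div class="text-center">
+<h1 class="display-1">400 Bad Request</h1>
+<p class="lead">The server cannot or will not process the request due to an apparent client error.</p>
+</div>
+</div>
+{% endblock %}
+
+{% block footer %}{% endblock %}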
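Review bot: The `title` block of the new 400 template reads `Forbidden`, while the heading and body describe a 400 Bad Request; this looks carried over from another error template. The page title should match the status being rendered: `{% block title %}Bad Request{% endblock %}`.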