From: Vincent Vanwaelscappel
Date: Fri, 8 Dec 2023 11:36:10 +0000 (+0100)
Subject: wip #6563 @1
X-Git-Url: http://git.cubedesigners.com/?a=commitdiff_plain;h=9d8d3c1a72eb91e567b5036968f8435ad4370cd1;p=fluidbook-toolbox.git
wip #6563 @1
---
diff --git a/app/Http/Controllers/Admin/Operations/FluidbookCollection/DownloadOperation.php b/app/Http/Controllers/Admin/Operations/FluidbookCollection/DownloadOperation.php
index 21f4cfa5e..8f2702c62 100644
--- a/app/Http/Controllers/Admin/Operations/FluidbookCollection/DownloadOperation.php
+++ b/app/Http/Controllers/Admin/Operations/FluidbookCollection/DownloadOperation.php
@@ -15,8 +15,9 @@ trait DownloadOperation
 {
 protected function setupDownloadRoutes($segment, $routeName, $controller)
 {
- Route::match(['get'], $segment . '/{id}/download/{action}', $controller . '@download');
- Route::match(['get'], $segment . '/{id}/downloadfile/{rand}/{path}', $controller . '@downloadFile')->withoutMiddleware([CheckIfAdmin::class]);
+
+ Route::match(['get'], $segment . '/{id}_{hash}/download/{file}', $controller . '@downloadFile')->withoutMiddleware([CheckIfAdmin::class]);;
+ Route::match(['get'], $segment . '/{id}/download/{action}', $controller . '@download')->whereNumber('id');
 }
 protected function setupDownloadDefaults()
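Review bot: The public `downloadFile` route, registered with `withoutMiddleware([CheckIfAdmin::class])`, leaves `{id}`, `{hash}` and `{file}` unconstrained, while only the admin-protected `download` route gets `whereNumber('id')`. Those three values feed a database lookup and a filesystem path in `downloadFile`, so they are better rejected at the router: `->whereNumber('id')->where('hash', '[A-Za-z0-9]+')->where('file', '[A-Za-z0-9._-]+')`, with the character classes adjusted to the real hash and file-name formats, which are not visible here. The trailing `;;` on that line is a stray empty statement and should be a single `;`. A short comment above the route explaining that it is deliberately unauthenticated and gated by the collection hash would help the next reader.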
@@ -39,9 +40,20 @@ trait DownloadOperation
 return redirect(backpack_url('fluidbook-collection'));
 }
- protected function downloadFile($id, $rand, $path)
+ protected function downloadFile($id, $hash, $file)
 {
- $file = protected_path('fluidbookcollection/final/' . $id . '/' . $rand . '/' . $path);
- return XSendFileController::sendfile($file);
+ $e = explode('-', $file);
+ if ($e[1] != $id) {
+ abort(404, __('Erreur de correspondance du fichier'));
+ }
+ $collection = FluidbookCollection::where('id', $id)->where('hash', $hash)->first();
+ if (null === $collection) {
+ abort(404, __('Ce fichier est indisponible'));
+ }
+ $path = protected_path('fluidbookcollection/download/' . $id . '/' . $file);
+ if (!file_exists($path)) {
+ abort(404, __('Le fichier n\'existe pas'));
+ }
+ return XSendFileController::sendfile($path);
 }
 }
diff --git a/app/Jobs/DownloadBase.php b/app/Jobs/DownloadBase.php
index da61686fa..ff8767393 100644
--- a/app/Jobs/DownloadBase.php
+++ b/app/Jobs/DownloadBase.php
@@ -91,18 +91,18 @@ class DownloadBase extends Base
 if (null === $title) {
 $title = $this->_title();
 }
- return Str::slugCase($this->getType() . '-' . date('Ymdhis') . '-' . md5(rand(10000, 100000000)) . '-' . Str::slug($title)) . '.' . $extension;
+ return Str::slugCase($this->getType() . '-' . $this->entry->id . '-' . date('Ymdhis') . '-' . Str::slug($title)) . '.' . $extension;
 }
 protected function _dest($fname)
 {
- return Files::mkdir(protected_path($this->getBaseURL() . '/download/' . $this->entry->id . '/')) . $fname;
+ return Files::mkdir(protected_path($this->getType() . '/download/' . $this->entry->id . '/')) . $fname;
 }
 protected function _url($fname)
 {
- return url('/' . $this->getBaseURL() . '/' . $this->entry->id . '_' . $this->entry->hash . '/download/' . $fname);
+ return url('/' . $this->getBaseURL() . '/' . $this->entry->id . '_' . $this->entry->hash . '/' . $fname);
 }
 protected function _title()
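Review bot: The id check at the top of the new `downloadFile` reads `$e[1]` without confirming the segment exists and compares it with `!=`. A `{file}` value containing no `-` therefore raises an undefined-key error (likely a 500 rather than the intended 404), and numeric-string juggling can make differing strings compare equal. This route runs without `CheckIfAdmin`, and `$id` and `$file` are concatenated into the path handed to `XSendFileController::sendfile`, so the guard should be strict: `if (!ctype_digit((string) $id) || !isset($e[1]) || $e[1] !== (string) $id) {`, plus a rejection of any `$file` where `basename($file) !== $file`. The `where('hash', $hash)` lookup is a sound gate only if the stored hash is unguessable, which this hunk does not show; a docblock on the method stating that the hash is the sole authorization would make that explicit.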
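Review bot: Dropping `md5(rand(10000, 100000000))` from `_fname()` leaves the file name built only from type, id, timestamp and title slug, so `entry->hash` in the URL is now the only secret protecting a download route that bypasses `CheckIfAdmin`. Please confirm that the hash is long and comes from a CSPRNG such as `random_bytes()`; its generation is not visible here. With the random part gone, `date('Ymdhis')` (12-hour `h`) lets two exports of the same entry made twelve hours apart produce the same name and overwrite each other; `date('YmdHis')` avoids that. Separately, `_url()` now omits the `/download/` segment although the collection route in `DownloadOperation` is `{id}_{hash}/download/{file}`, and `_dest()` writes under `getType()` while `downloadFile` reads from the literal `fluidbookcollection/download/`. Unless other routes or types cover this, the generated link may not resolve, so a comment on `_dest`/`_url` stating the expected on-disk and URL layout is worth adding.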
@@ -156,7 +156,7 @@ class DownloadBase extends Base
 $compilepath = $this->_compile();
 echo 'Compiled : ' . $compilepath . "\n";
 $fname = $this->_fname();
- $dest = Files::mkdir(protected_path($this->getBaseURL() . '/download/' . $this->entry->id . '/')) . $fname;
+ $dest = $this->_dest($fname);
 echo 'Zip to ' . $dest . "\n";
 Zip::archive($compilepath, $dest);
 if (!file_exists($dest)) {
@@ -169,7 +169,7 @@ class DownloadBase extends Base
 protected function _compile()
 {
 $compilepath = $this->entry->getFinalPath();
- echo 'Compile to '.$compilepath."\n";
+ echo 'Compile to ' . $compilepath . "\n";
 $this->entry->compile($compilepath);
 return $compilepath;
 }