Added test to cover.
Did attempt a 64k limit, but values over 2k significantly increase
chance of other issues since this URL may be used in redirect headers.
Would rather catch issues in-app.
For #4044
class AttachmentApiController extends ApiController
{
- protected $attachmentService;
-
- public function __construct(AttachmentService $attachmentService)
- {
- $this->attachmentService = $attachmentService;
+ public function __construct(
+ protected AttachmentService $attachmentService
+ ) {
}
/**
'name' => ['required', 'min:1', 'max:255', 'string'],
'uploaded_to' => ['required', 'integer', 'exists:pages,id'],
'file' => array_merge(['required_without:link'], $this->attachmentService->getFileValidationRules()),
- 'link' => ['required_without:file', 'min:1', 'max:255', 'safe_url'],
+ 'link' => ['required_without:file', 'min:1', 'max:2000', 'safe_url'],
],
'update' => [
'name' => ['min:1', 'max:255', 'string'],
'uploaded_to' => ['integer', 'exists:pages,id'],
'file' => $this->attachmentService->getFileValidationRules(),
- 'link' => ['min:1', 'max:255', 'safe_url'],
+ 'link' => ['min:1', 'max:2000', 'safe_url'],
],
];
}
class AttachmentController extends Controller
{
- protected AttachmentService $attachmentService;
- protected PageRepo $pageRepo;
-
- /**
- * AttachmentController constructor.
- */
- public function __construct(AttachmentService $attachmentService, PageRepo $pageRepo)
- {
- $this->attachmentService = $attachmentService;
- $this->pageRepo = $pageRepo;
+ public function __construct(
+ protected AttachmentService $attachmentService,
+ protected PageRepo $pageRepo
+ ) {
}
/**
try {
$this->validate($request, [
'attachment_edit_name' => ['required', 'string', 'min:1', 'max:255'],
- 'attachment_edit_url' => ['string', 'min:1', 'max:255', 'safe_url'],
+ 'attachment_edit_url' => ['string', 'min:1', 'max:2000', 'safe_url'],
]);
} catch (ValidationException $exception) {
return response()->view('attachments.manager-edit-form', array_merge($request->only(['attachment_edit_name', 'attachment_edit_url']), [
$this->validate($request, [
'attachment_link_uploaded_to' => ['required', 'integer', 'exists:pages,id'],
'attachment_link_name' => ['required', 'string', 'min:1', 'max:255'],
- 'attachment_link_url' => ['required', 'string', 'min:1', 'max:255', 'safe_url'],
+ 'attachment_link_url' => ['required', 'string', 'min:1', 'max:2000', 'safe_url'],
]);
} catch (ValidationException $exception) {
return response()->view('attachments.manager-link-form', array_merge($request->only(['attachment_link_name', 'attachment_link_url']), [
Validator::extend('safe_url', function ($attribute, $value, $parameters, $validator) {
$cleanLinkName = strtolower(trim($value));
- $isJs = strpos($cleanLinkName, 'javascript:') === 0;
- $isData = strpos($cleanLinkName, 'data:') === 0;
+ $isJs = str_starts_with($cleanLinkName, 'javascript:');
+ $isData = str_starts_with($cleanLinkName, 'data:');
return !$isJs && !$isData;
});
/**
* Get the downloadable file name for this upload.
- *
- * @return mixed|string
*/
- public function getFileName()
+ public function getFileName(): string
{
- if (strpos($this->name, '.') !== false) {
+ if (str_contains($this->name, '.')) {
return $this->name;
}
*/
public function getUrl($openInline = false): string
{
- if ($this->external && strpos($this->path, 'http') !== 0) {
+ if ($this->external && !str_starts_with($this->path, 'http')) {
return $this->path;
}
--- /dev/null
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+ /**
+ * Run the migrations.
+ *
+ * @return void
+ */
+ public function up()
+ {
+ Schema::table('attachments', function (Blueprint $table) {
+ $table->text('path')->change();
+ });
+ }
+
+ /**
+ * Reverse the migrations.
+ *
+ * @return void
+ */
+ public function down()
+ {
+ Schema::table('attachments', function (Blueprint $table) {
+ $table->string('path')->change();
+ });
+ }
+};
$this->files->deleteAllAttachmentFiles();
}
+ public function test_attaching_long_links_to_a_page()
+ {
+ $page = $this->entities->page();
+
+ $link = 'https://example.com?query=' . str_repeat('catsIScool', 195);
+ $linkReq = $this->asAdmin()->post('attachments/link', [
+ 'attachment_link_url' => $link,
+ 'attachment_link_name' => 'Example Attachment Link',
+ 'attachment_link_uploaded_to' => $page->id,
+ ]);
+
+ $linkReq->assertStatus(200);
+ $this->assertDatabaseHas('attachments', [
+ 'uploaded_to' => $page->id,
+ 'path' => $link,
+ 'external' => true,
+ ]);
+
+ $attachment = $page->attachments()->where('external', '=', true)->first();
+ $resp = $this->get($attachment->getUrl());
+ $resp->assertRedirect($link);
+ }
+
public function test_attachment_updating()
{
$page = $this->entities->page();
projects / bookstack / commitdiff