kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2026-02-05 11:56:58 +00:00
Code Issues Projects Releases Wiki Activity

🤖 Auto commit for release 'develop' on 2026-01-23

Browse Source
This commit is contained in:
JC5
2026-01-23 15:14:29 +01:00
parent 8f15a32bd6
commit eeeba86d38
888 changed files with 10732 additions and 10387 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
app/Http/Controllers/AttachmentController.php
View File

@@ -99,21 +99,22 @@ class AttachmentController extends Controller
public function download(Attachment $attachment)
{
if ($this->repository->exists($attachment)) {
$content = $this->repository->getContent($attachment);
$quoted = sprintf('"%s"', addcslashes(basename($attachment->filename), '"\\'));
$content = $this->repository->getContent($attachment);
$quoted = sprintf('"%s"', addcslashes(basename($attachment->filename), '"\\'));
/** @var LaravelResponse $response */
$response = response($content);
$response
->header('Content-Description', 'File Transfer')
->header('Content-Type', 'application/octet-stream')
->header('Content-Disposition', 'attachment; filename=' . $quoted)
->header('Content-Disposition', 'attachment; filename='.$quoted)
->header('Content-Transfer-Encoding', 'binary')
->header('Connection', 'Keep-Alive')
->header('Expires', '0')
->header('Cache-Control', 'must-revalidate, post-check=0, pre-check=0')
->header('Pragma', 'public')
->header('Content-Length', (string) strlen($content));
->header('Content-Length', (string) strlen($content))
;
return $response;
}
@@ -137,7 +138,7 @@ class AttachmentController extends Controller
$this->rememberPreviousUrl('attachments.edit.url');
}
$request->session()->forget('attachments.edit.fromUpdate');
$preFilled = ['notes' => $this->repository->getNoteText($attachment)];
$preFilled = ['notes' => $this->repository->getNoteText($attachment)];
$request->session()->flash('preFilled', $preFilled);
return view('attachments.edit', ['attachment' => $attachment, 'subTitleIcon' => $subTitleIcon, 'subTitle' => $subTitle]);
@@ -165,7 +166,7 @@ class AttachmentController extends Controller
*/
public function update(AttachmentFormRequest $request, Attachment $attachment): RedirectResponse
{
$data = $request->getAttachmentData();
$data = $request->getAttachmentData();
$this->repository->update($attachment, $data);
$request->session()->flash('success', (string) trans('firefly.attachment_updated', ['name' => $attachment->filename]));
@@ -193,7 +194,7 @@ class AttachmentController extends Controller
$content = $this->repository->getContent($attachment);
// prevent XSS by adding a new secure header.
$csp = [
$csp = [
"default-src 'none'",
"object-src 'none'",
"script-src 'none'",
@@ -202,13 +203,13 @@ class AttachmentController extends Controller
"font-src 'none'",
"connect-src 'none'",
"img-src 'self'",
"manifest-src 'none'"
"manifest-src 'none'",
];
return response()->make($content, 200, [
'Content-Security-Policy' => implode('; ', $csp),
'Content-Type' => $attachment->mime,
'Content-Disposition' => 'inline; filename="' . $attachment->filename . '"'
'Content-Disposition' => 'inline; filename="'.$attachment->filename.'"',
]);
}