Merge pull request #6454 from pixelfed/a5

Bugfix: Validation was ignored, allows any file type/size
pull/6469/head
dansup 7 days ago committed by GitHub
commit f1af72e66d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -165,13 +165,11 @@ class ComposeController extends Controller
{
$this->validate($request, [
'id' => 'required',
'file' => function () {
return [
'required',
'mimetypes:'.config_cache('pixelfed.media_types'),
'max:'.config_cache('pixelfed.max_photo_size'),
];
},
'file' => [
'required',
'mimetypes:'.config_cache('pixelfed.media_types'),
'max:'.config_cache('pixelfed.max_photo_size'),
],
]);
$user = Auth::user();

@ -434,13 +434,11 @@ class DirectMessageController extends Controller
public function mediaUpload(Request $request)
{
$this->validate($request, [
'file' => function () {
return [
'required',
'mimetypes:'.config_cache('pixelfed.media_types'),
'max:'.config_cache('pixelfed.max_photo_size'),
];
},
'file' => [
'required',
'mimetypes:'.config_cache('pixelfed.media_types'),
'max:'.config_cache('pixelfed.max_photo_size'),
],
'to_id' => 'required',
]);

@ -264,13 +264,11 @@ class StoryApiV1Controller extends Controller
abort_if(! (bool) config_cache('instance.stories.enabled') || ! $request->user(), 404);
$this->validate($request, [
'file' => function () {
return [
'required',
'mimetypes:image/jpeg,image/jpg,image/png,video/mp4',
'max:'.config_cache('pixelfed.max_photo_size'),
];
},
'file' => [
'required',
'mimetypes:image/jpeg,image/jpg,image/png,video/mp4',
'max:'.config_cache('pixelfed.max_photo_size'),
],
'duration' => 'sometimes|integer|min:0|max:30',
]);

@ -41,13 +41,11 @@ class StoryComposeController extends Controller
abort_if(! (bool) config_cache('instance.stories.enabled') || ! $request->user(), 404);
$this->validate($request, [
'file' => function () {
return [
'required',
'mimetypes:image/jpeg,image/png,video/mp4,image/jpg',
'max:'.config_cache('pixelfed.max_photo_size'),
];
},
'file' => [
'required',
'mimetypes:image/jpeg,image/png,video/mp4,image/jpg',
'max:'.config_cache('pixelfed.max_photo_size'),
],
]);
$user = $request->user();

Loading…
Cancel
Save