Merge pull request #6454 from pixelfed/a5

Bugfix: Validation was ignored, allows any file type/size
7 days ago · f1af72e66d
parent 416c02e2b8 1a1dc5e096
commit f1af72e66d
4 changed files with 20 additions and 28 deletions
--- a/app/Http/Controllers/ComposeController.php
+++ b/app/Http/Controllers/ComposeController.php
@ -165,13 +165,11 @@ class ComposeController extends Controller
    {
        $this->validate($request, [
            'id' => 'required',
-            'file' => function () {
-                return [
-                    'required',
-                    'mimetypes:'.config_cache('pixelfed.media_types'),
-                    'max:'.config_cache('pixelfed.max_photo_size'),
-                ];
-            },
+            'file' => [
+                'required',
+                'mimetypes:'.config_cache('pixelfed.media_types'),
+                'max:'.config_cache('pixelfed.max_photo_size'),
+            ],
        ]);

        $user = Auth::user();
--- a/app/Http/Controllers/DirectMessageController.php
+++ b/app/Http/Controllers/DirectMessageController.php
@ -434,13 +434,11 @@ class DirectMessageController extends Controller
    public function mediaUpload(Request $request)
    {
        $this->validate($request, [
-            'file' => function () {
-                return [
-                    'required',
-                    'mimetypes:'.config_cache('pixelfed.media_types'),
-                    'max:'.config_cache('pixelfed.max_photo_size'),
-                ];
-            },
+            'file' => [
+                'required',
+                'mimetypes:'.config_cache('pixelfed.media_types'),
+                'max:'.config_cache('pixelfed.max_photo_size'),
+            ],
            'to_id' => 'required',
        ]);

--- a/app/Http/Controllers/Stories/StoryApiV1Controller.php
+++ b/app/Http/Controllers/Stories/StoryApiV1Controller.php
@ -264,13 +264,11 @@ class StoryApiV1Controller extends Controller
        abort_if(! (bool) config_cache('instance.stories.enabled') || ! $request->user(), 404);

        $this->validate($request, [
-            'file' => function () {
-                return [
-                    'required',
-                    'mimetypes:image/jpeg,image/jpg,image/png,video/mp4',
-                    'max:'.config_cache('pixelfed.max_photo_size'),
-                ];
-            },
+            'file' => [
+                'required',
+                'mimetypes:image/jpeg,image/jpg,image/png,video/mp4',
+                'max:'.config_cache('pixelfed.max_photo_size'),
+            ],
            'duration' => 'sometimes|integer|min:0|max:30',
        ]);

--- a/app/Http/Controllers/StoryComposeController.php
+++ b/app/Http/Controllers/StoryComposeController.php
@ -41,13 +41,11 @@ class StoryComposeController extends Controller
        abort_if(! (bool) config_cache('instance.stories.enabled') || ! $request->user(), 404);

        $this->validate($request, [
-            'file' => function () {
-                return [
-                    'required',
-                    'mimetypes:image/jpeg,image/png,video/mp4,image/jpg',
-                    'max:'.config_cache('pixelfed.max_photo_size'),
-                ];
-            },
+            'file' => [
+                'required',
+                'mimetypes:image/jpeg,image/png,video/mp4,image/jpg',
+                'max:'.config_cache('pixelfed.max_photo_size'),
+            ],
        ]);

        $user = $request->user();