Validate filters

Daniel Supernault 2019-03-08 01:52:54 -07:00
parent 063277d3e2
commit 2245c31bb8
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7
2 changed files with 8 additions and 3 deletions


@ -23,6 +23,7 @@ use App\Transformer\Api\{
AccountTransformer, AccountTransformer,
StatusTransformer, StatusTransformer,
}; };
use App\Util\Media\Filter;
use App\Jobs\StatusPipeline\NewStatusPipeline; use App\Jobs\StatusPipeline\NewStatusPipeline;
use League\Fractal\Serializer\ArraySerializer; use League\Fractal\Serializer\ArraySerializer;
use League\Fractal\Pagination\IlluminatePaginatorAdapter; use League\Fractal\Pagination\IlluminatePaginatorAdapter;
@ -63,7 +64,7 @@ class InternalApiController extends Controller
if($m->profile_id !== $profile->id || $m->status_id) { if($m->profile_id !== $profile->id || $m->status_id) {
abort(403, 'Invalid media id'); abort(403, 'Invalid media id');
} }
$m->filter_class = $media['filter']; $m->filter_class = in_array($media['filter'], Filter::classes()) ? $media['filter'] : null;
$m->license = $media['license']; $m->license = $media['license'];
$m->caption = strip_tags($media['alt']); $m->caption = strip_tags($media['alt']);
$m->order = isset($media['cursor']) && is_int($media['cursor']) ? (int) $media['cursor'] : $k; $m->order = isset($media['cursor']) && is_int($media['cursor']) ? (int) $media['cursor'] : $k;
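Review bot: The allowlist check on the new `filter_class` assignment calls `in_array` without the strict flag, so the comparison is loose: if the request body is JSON, a boolean `true` (and, before PHP 8, an integer `0`) compares equal to every non-empty string in `Filter::classes()` and is stored instead of being replaced by null. Pass the third argument, `in_array($media['filter'], Filter::classes(), true) ? $media['filter'] : null`, and do the same for the two `in_array` calls this commit adds in StatusController for `filter_class` and `filter_name`. `$media['filter']` is also read without a guard, so a request that omits the key presumably raises an undefined-index notice; reading `$media['filter'] ?? null` once avoids that. The enclosing method starts and ends outside the hunk.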


@ -16,6 +16,7 @@ use Auth;
use Cache; use Cache;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use League\Fractal; use League\Fractal;
use App\Util\Media\Filter;
class StatusController extends Controller class StatusController extends Controller
{ {
@ -151,6 +152,8 @@ class StatusController extends Controller
if(in_array($v->getMimeType(), $allowedMimes) == false) { if(in_array($v->getMimeType(), $allowedMimes) == false) {
continue; continue;
} }
$filter_class = $request->input('filter_class');
$filter_name = $request->input('filter_name');
$storagePath = "public/m/{$monthHash}/{$userHash}"; $storagePath = "public/m/{$monthHash}/{$userHash}";
$path = $v->store($storagePath); $path = $v->store($storagePath);
@ -163,8 +166,9 @@ class StatusController extends Controller
$media->original_sha256 = $hash; $media->original_sha256 = $hash;
$media->size = $v->getSize(); $media->size = $v->getSize();
$media->mime = $v->getMimeType(); $media->mime = $v->getMimeType();
$media->filter_class = $request->input('filter_class');
$media->filter_name = $request->input('filter_name'); $media->filter_class = in_array($filter_class, Filter::classes()) ? $filter_class : null;
$media->filter_name = in_array($filter_name, Filter::names()) ? $filter_name : null;
$media->order = $order; $media->order = $order;
$media->save(); $media->save();
array_push($mimes, $media->mime); array_push($mimes, $media->mime);
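Review bot: In the last hunk `filter_class` and `filter_name` are checked against `Filter::classes()` and `Filter::names()` independently, so a class belonging to one filter can be saved with the name of another, and one can be nulled while the other is kept. If the two are meant to describe the same filter (the Filter class is not visible here, so this is an assumption), validate them as a pair, or at least document the behaviour, e.g. `// class and name are validated separately; a mismatched pair is stored as submitted`. The two `$request->input()` reads added in the previous hunk appear to sit inside the per-file loop although they do not depend on `$v`, so they could be hoisted above it. The loop and the method start outside the visible hunks.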