Update filesystems, store all files as public by default and add default permissions. Fixes #4273, #4275. Closes #3825

2024-11-22 14:31:26 +00:00 · 2023-04-03 19:15:20 -06:00 · 2023-04-03 19:15:20 -06:00 · 22da2647c7
commit 22da2647c7
parent 73aa01e8e0
10 changed files with 23 additions and 13 deletions
--- a/app/Http/Controllers/AdminController.php
+++ b/app/Http/Controllers/AdminController.php
@ -532,7 +532,7 @@ class AdminController extends Controller
 		$emoji->save();
 		$fileName = $emoji->id . '.' . $request->emoji->extension();
-		$request->emoji->storeAs('public/emoji', $fileName);
+		$request->emoji->storePubliclyAs('public/emoji', $fileName);
 		$emoji->media_path = 'emoji/' . $fileName;
 		$emoji->save();
 		Cache::forget('pf:custom_emoji');
--- a/app/Http/Controllers/Api/ApiV1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Controller.php
@ -260,7 +260,7 @@ class ApiV1Controller extends Controller
 				$file = $request->file('avatar');
 				$path = "public/avatars/{$profile->id}";
 				$name = strtolower(str_random(6)). '.' . $file->guessExtension();
-				$request->file('avatar')->storeAs($path, $name);
+				$request->file('avatar')->storePubliclyAs($path, $name);
 				$av->media_path = "{$path}/{$name}";
 				$av->save();
 				Cache::forget("avatar:{$profile->id}");
@ -1610,7 +1610,7 @@ class ApiV1Controller extends Controller
 		}
 		$storagePath = MediaPathService::get($user, 2);
-		$path = $photo->store($storagePath);
+		$path = $photo->storePublicly($storagePath);
 		$hash = \hash_file('sha256', $photo);
 		$license = null;
 		$mime = $photo->getMimeType();
@ -1815,7 +1815,7 @@ class ApiV1Controller extends Controller
 		}
 		$storagePath = MediaPathService::get($user, 2);
-		$path = $photo->store($storagePath);
+		$path = $photo->storePublicly($storagePath);
 		$hash = \hash_file('sha256', $photo);
 		$license = null;
 		$mime = $photo->getMimeType();
--- a/app/Http/Controllers/Api/BaseApiController.php
+++ b/app/Http/Controllers/Api/BaseApiController.php
@ -112,7 +112,7 @@ class BaseApiController extends Controller
            $name = $path['name'];
            $public = $path['storage'];
            $currentAvatar = storage_path('app/'.$profile->avatar->media_path);
-            $loc = $request->file('upload')->storeAs($public, $name);
+            $loc = $request->file('upload')->storePubliclyAs($public, $name);
            $avatar = Avatar::whereProfileId($profile->id)->firstOrFail();
            $opath = $avatar->media_path;
--- a/app/Http/Controllers/AvatarController.php
+++ b/app/Http/Controllers/AvatarController.php
@ -30,7 +30,7 @@ class AvatarController extends Controller
            $dir = $path['root'];
            $name = $path['name'];
            $public = $path['storage'];
-            $loc = $request->file('avatar')->storeAs($public, $name);
+            $loc = $request->file('avatar')->storePubliclyAs($public, $name);
            $avatar = Avatar::firstOrNew(['profile_id' => $profile->id]);
            $currentAvatar = $avatar->recentlyCreated ? null : storage_path('app/'.$profile->avatar->media_path);
--- a/app/Http/Controllers/ComposeController.php
+++ b/app/Http/Controllers/ComposeController.php
@ -123,7 +123,7 @@ class ComposeController extends Controller
 		abort_if(in_array($photo->getMimeType(), $mimes) == false, 400, 'Invalid media format');
 		$storagePath = MediaPathService::get($user, 2);
-		$path = $photo->store($storagePath);
+		$path = $photo->storePublicly($storagePath);
 		$hash = \hash_file('sha256', $photo);
 		$mime = $photo->getMimeType();
@ -209,7 +209,7 @@ class ComposeController extends Controller
 		$name = last($fragments);
 		array_pop($fragments);
 		$dir = implode('/', $fragments);
-		$path = $photo->storeAs($dir, $name);
+		$path = $photo->storePubliclyAs($dir, $name);
 		$res = [
 			'url' => $media->url() . '?v=' . time()
 		];
--- a/app/Http/Controllers/DirectMessageController.php
+++ b/app/Http/Controllers/DirectMessageController.php
@ -602,7 +602,7 @@ class DirectMessageController extends Controller
 		}
 		$storagePath = MediaPathService::get($user, 2) . Str::random(8);
-		$path = $photo->store($storagePath);
+		$path = $photo->storePublicly($storagePath);
 		$hash = \hash_file('sha256', $photo);
 		abort_if(MediaBlocklistService::exists($hash) == true, 451);
--- a/app/Http/Controllers/Import/Instagram.php
+++ b/app/Http/Controllers/Import/Instagram.php
@ -93,7 +93,7 @@ trait Instagram
    			continue;
    		}
            $storagePath = "import/{$job->uuid}";
-            $path = $v->store($storagePath);
+            $path = $v->storePublicly($storagePath);
            DB::transaction(function() use ($profile, $job, $path, $original) {
 		        $data = new ImportData;
 		        $data->profile_id = $profile->id;
@ -141,7 +141,7 @@ trait Instagram
 			return abort(500);
 		}
 		$storagePath = "import/{$job->uuid}";
-        $path = $media->store($storagePath);
+        $path = $media->storePublicly($storagePath);
        $job->media_json = $path;
        $job->stage = 3;
        $job->save();
--- a/app/Http/Controllers/Stories/StoryApiV1Controller.php
+++ b/app/Http/Controllers/Stories/StoryApiV1Controller.php
@ -354,7 +354,7 @@ class StoryApiV1Controller extends Controller
 		}
 		$storagePath = MediaPathService::story($user->profile);
-		$path = $photo->storeAs($storagePath, Str::random(random_int(2, 12)) . '_' . Str::random(random_int(32, 35)) . '_' . Str::random(random_int(1, 14)) . '.' . $photo->extension());
+		$path = $photo->storePubliclyAs($storagePath, Str::random(random_int(2, 12)) . '_' . Str::random(random_int(32, 35)) . '_' . Str::random(random_int(1, 14)) . '.' . $photo->extension());
 		return $path;
 	}
 }
--- a/app/Http/Controllers/StoryComposeController.php
+++ b/app/Http/Controllers/StoryComposeController.php
@ -111,7 +111,7 @@ class StoryComposeController extends Controller
 		}
 		$storagePath = MediaPathService::story($user->profile);
-		$path = $photo->storeAs($storagePath, Str::random(random_int(2, 12)) . '_' . Str::random(random_int(32, 35)) . '_' . Str::random(random_int(1, 14)) . '.' . $photo->extension());
+		$path = $photo->storePubliclyAs($storagePath, Str::random(random_int(2, 12)) . '_' . Str::random(random_int(32, 35)) . '_' . Str::random(random_int(1, 14)) . '.' . $photo->extension());
 		if(in_array($photo->getMimeType(), ['image/jpeg','image/png'])) {
 			$fpath = storage_path('app/' . $path);
 			$img = Intervention::make($fpath);
--- a/config/filesystems.php
+++ b/config/filesystems.php
@ -46,6 +46,16 @@ return [
        'local' => [
            'driver' => 'local',
            'root'   => storage_path('app'),
            'permissions' => [
                'file' => [
                    'public' => 0644,
                    'private' => 0600,
                ],
                'dir' => [
                    'public' => 0755,
                    'private' => 0700,
                ],
            ],
        ],
        'public' => [