Enforce file groups

This commit is contained in:
Bernd Bestel 2021-07-02 20:29:53 +02:00
parent 74d745cfc4
commit 34ffb96ae3
No known key found for this signature in database
GPG Key ID: 71BD34C0D4891300
2 changed files with 34 additions and 6 deletions


@ -11,6 +11,11 @@ class FilesApiController extends BaseApiController
{ {
try try
{ {
if(!in_array($args['group'], $this->getOpenApiSpec()->components->internalSchemas->FileGroups->enum))
{
throw new \Exception('Invalid file group');
}
if (IsValidFileName(base64_decode($args['fileName']))) if (IsValidFileName(base64_decode($args['fileName'])))
{ {
$fileName = base64_decode($args['fileName']); $fileName = base64_decode($args['fileName']);
@ -39,8 +44,12 @@ class FilesApiController extends BaseApiController
{ {
try try
{ {
$fileName = $this->checkFileName($args['fileName']); if(!in_array($args['group'], $this->getOpenApiSpec()->components->internalSchemas->FileGroups->enum))
{
throw new \Exception('Invalid file group');
}
$fileName = $this->checkFileName($args['fileName']);
$filePath = $this->getFilePath($args['group'], $fileName, $request->getQueryParams()); $filePath = $this->getFilePath($args['group'], $fileName, $request->getQueryParams());
if (file_exists($filePath)) if (file_exists($filePath))
@ -65,9 +74,13 @@ class FilesApiController extends BaseApiController
{ {
try try
{ {
if(!in_array($args['group'], $this->getOpenApiSpec()->components->internalSchemas->FileGroups->enum))
{
throw new \Exception('Invalid file group');
}
$fileInfo = explode('_', $args['fileName']); $fileInfo = explode('_', $args['fileName']);
$fileName = $this->checkFileName($fileInfo[1]); $fileName = $this->checkFileName($fileInfo[1]);
$filePath = $this->getFilePath($args['group'], base64_decode($fileInfo[0]), $request->getQueryParams()); $filePath = $this->getFilePath($args['group'], base64_decode($fileInfo[0]), $request->getQueryParams());
if (file_exists($filePath)) if (file_exists($filePath))
@ -92,9 +105,14 @@ class FilesApiController extends BaseApiController
{ {
try try
{ {
$fileName = $this->checkFileName($args['fileName']); if(!in_array($args['group'], $this->getOpenApiSpec()->components->internalSchemas->FileGroups->enum))
{
throw new \Exception('Invalid file group');
}
$fileName = $this->checkFileName($args['fileName']);
$data = $request->getBody()->getContents(); $data = $request->getBody()->getContents();
file_put_contents($this->getFilesService()->GetFilePath($args['group'], $fileName), $data); file_put_contents($this->getFilesService()->GetFilePath($args['group'], $fileName), $data);
return $this->EmptyApiResponse($response); return $this->EmptyApiResponse($response);
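Review bot: The new file-group allow-list check is pasted verbatim into all four hunks of this section (lines 17, 28, 39 and 51), and each copy calls `in_array` without `strict: true`; a private helper beside `checkFileName()` would keep the allow-list lookup in one place and make it much harder for a future endpoint to be added without it. The route value is a string and the enum entries are non-numeric strings, so the loose comparison does not appear exploitable today, but the strict flag costs nothing and removes the need to reason about it. Each call site then becomes `$group = $this->checkFileGroup($args['group']);` with `$group` passed on to `getFilePath()`; the existing generic `\Exception('Invalid file group')` can stay so the surrounding catch behaviour is unchanged. The four enclosing methods begin and end outside the hunks, so where the try/catch maps the exception to a response is not visible here.
```php
// … unchanged: existing checkFileName() helper …

/**
 * Validate a file group against the allow-list in the OpenAPI spec.
 * Keeps the lookup in one place so every file endpoint enforces it.
 */
private function checkFileGroup(string $group): string
{
    $allowedGroups = $this->getOpenApiSpec()->components->internalSchemas->FileGroups->enum;
    if (!in_array($group, $allowedGroups, true))
    {
        throw new \Exception('Invalid file group');
    }
    return $group;
}
```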


@ -734,7 +734,7 @@
"required": true, "required": true,
"description": "The file group", "description": "The file group",
"schema": { "schema": {
"type": "string" "$ref": "#/components/internalSchemas/FileGroups"
} }
}, },
{ {
@ -814,7 +814,7 @@
"required": true, "required": true,
"description": "The file group", "description": "The file group",
"schema": { "schema": {
"type": "string" "$ref": "#/components/internalSchemas/FileGroups"
} }
}, },
{ {
@ -865,7 +865,7 @@
"required": true, "required": true,
"description": "The file group", "description": "The file group",
"schema": { "schema": {
"type": "string" "$ref": "#/components/internalSchemas/FileGroups"
} }
}, },
{ {
@ -4184,6 +4184,16 @@
"product-opened" "product-opened"
] ]
}, },
"FileGroups": {
"type": "string",
"enum": [
"equipmentmanuals",
"recipepictures",
"productpictures",
"userfiles",
"userpictures"
]
},
"StringEnumTemplate": { "StringEnumTemplate": {
"type": "string", "type": "string",
"enum": [] "enum": []