mirror/UNIT3D-Community-Edition
1
0
Fork 0
mirror of https://github.com/HDInnovations/UNIT3D-Community-Edition.git synced 2026-05-03 08:50:22 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: store user-uploaded files in private directories

Browse Source 
Filenames were randomized for a few of these to prevent public access, but it's still much better to put user-uploaded files behind auth.
This commit is contained in:
Roardom
2025-02-24 14:54:32 +00:00
parent 3fd29f8132
commit 1af1862229
44 changed files with 362 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Controllers/SubtitleController.php
+5 -5
View File
@@ -97,7 +97,7 @@ class SubtitleController extends Controller
] + $request->safe()->except('subtitle_file'));
// Save Subtitle
Storage::disk('subtitles')->putFileAs('', $subtitleFile, $filename);
Storage::disk('subtitle-files')->putFileAs('', $subtitleFile, $filename);
// Announce To Shoutbox
if (!$subtitle->anon) {
@@ -165,8 +165,8 @@ class SubtitleController extends Controller
abort_unless($user->group->is_modo || $user->id === $subtitle->user_id, 403);
if (Storage::disk('subtitles')->exists($subtitle->file_name)) {
Storage::disk('subtitles')->delete($subtitle->file_name);
if (Storage::disk('subtitle-files')->exists($subtitle->file_name)) {
Storage::disk('subtitle-files')->delete($subtitle->file_name);
}
$subtitle->delete();
@@ -194,8 +194,8 @@ class SubtitleController extends Controller
// Increment downloads count
$subtitle->increment('downloads');
$headers = ['Content-Type: '.Storage::disk('subtitles')->mimeType($subtitle->file_name)];
$headers = ['Content-Type: '.Storage::disk('subtitle-files')->mimeType($subtitle->file_name)];
return Storage::disk('subtitles')->download($subtitle->file_name, $tempFilename, $headers);
return Storage::disk('subtitle-files')->download($subtitle->file_name, $tempFilename, $headers);
}
}