mirror/UNIT3D-Community-Edition
1
0
Fork 0
mirror of https://github.com/HDInnovations/UNIT3D-Community-Edition.git synced 2026-02-15 08:08:58 -06:00
Code Issues Packages Projects Releases Wiki Activity

fix: validate user permissions when uploading torrents via api

Browse Source
This commit is contained in:
Roardom
2023-10-07 06:03:44 +00:00
parent 1e751e64ba
commit cea35dc5d2
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/Http/Controllers/API/TorrentController.php
View File

@@ -101,6 +101,9 @@ class TorrentController extends BaseController
public function store(Request $request): \Illuminate\Http\JsonResponse
{
$user = $request->user();
abort_unless($user->can_upload, 403);
$requestFile = $request->file('torrent');
if (! $request->hasFile('torrent')) {