fix api security issues and update pages issue
This commit is contained in:
@@ -17,6 +17,14 @@ class BroadcastEmailImageService
|
||||
|
||||
public function store(UploadedFile $file): array
|
||||
{
|
||||
if (! $file->isValid()) {
|
||||
return [
|
||||
'ok' => false,
|
||||
'status' => 400,
|
||||
'error' => 'Invalid upload',
|
||||
];
|
||||
}
|
||||
|
||||
$mime = strtolower((string) $file->getMimeType());
|
||||
if (!isset($this->allowedTypes[$mime])) {
|
||||
return [
|
||||
@@ -40,7 +48,7 @@ class BroadcastEmailImageService
|
||||
}
|
||||
|
||||
$ext = $this->allowedTypes[$mime];
|
||||
$newName = uniqid('em_', true) . '.' . $ext;
|
||||
$newName = 'em_' . bin2hex(random_bytes(16)) . '.' . $ext;
|
||||
$file->move($targetDir, $newName);
|
||||
|
||||
return [
|
||||
|
||||
Reference in New Issue
Block a user