fix api security issues and update pages issue
This commit is contained in:
@@ -103,12 +103,28 @@ class EventManagementService
|
||||
return null;
|
||||
}
|
||||
|
||||
$allowed = [
|
||||
'image/jpeg' => 'jpg',
|
||||
'image/png' => 'png',
|
||||
'image/webp' => 'webp',
|
||||
'application/pdf' => 'pdf',
|
||||
];
|
||||
|
||||
$mime = strtolower((string) $file->getMimeType());
|
||||
if (! isset($allowed[$mime])) {
|
||||
throw new \InvalidArgumentException('Unsupported flyer file type.');
|
||||
}
|
||||
|
||||
if ((int) $file->getSize() > 5 * 1024 * 1024) {
|
||||
throw new \InvalidArgumentException('Flyer file too large. Max 5MB.');
|
||||
}
|
||||
|
||||
$dir = public_path('uploads/event_flyers');
|
||||
if (!File::exists($dir)) {
|
||||
File::makeDirectory($dir, 0755, true);
|
||||
}
|
||||
|
||||
$name = $file->hashName();
|
||||
$name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
|
||||
$file->move($dir, $name);
|
||||
|
||||
return 'event_flyers/' . $name;
|
||||
|
||||
Reference in New Issue
Block a user