fix api security issues and update pages issue
This commit is contained in:
@@ -14,8 +14,30 @@ class ExpenseReceiptService
|
||||
|
||||
public function storeReceipt(UploadedFile $file): string
|
||||
{
|
||||
$stored = $file->store('receipts');
|
||||
return basename($stored);
|
||||
if (! $file->isValid()) {
|
||||
throw new \InvalidArgumentException('Invalid receipt upload.');
|
||||
}
|
||||
|
||||
$allowed = [
|
||||
'image/jpeg' => 'jpg',
|
||||
'image/png' => 'png',
|
||||
'image/webp' => 'webp',
|
||||
'application/pdf' => 'pdf',
|
||||
];
|
||||
|
||||
$mime = strtolower((string) $file->getMimeType());
|
||||
if (! isset($allowed[$mime])) {
|
||||
throw new \InvalidArgumentException('Unsupported receipt file type.');
|
||||
}
|
||||
|
||||
if ((int) $file->getSize() > 5 * 1024 * 1024) {
|
||||
throw new \InvalidArgumentException('Receipt file too large. Max 5MB.');
|
||||
}
|
||||
|
||||
$filename = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
|
||||
$file->storeAs('receipts', $filename);
|
||||
|
||||
return $filename;
|
||||
}
|
||||
|
||||
public function receiptUrl(?string $filename): ?string
|
||||
|
||||
Reference in New Issue
Block a user