From 46d2f8a81d6de01de1ec4336055020c1516fcb4f Mon Sep 17 00:00:00 2001
From: snipe
Date: Mon, 15 Nov 2021 19:42:02 -0800
Subject: [PATCH] Disallow file upload to backups on demo
Signed-off-by: snipe
---
 app/Http/Controllers/SettingsController.php | 47 +++++++++++----------
 1 file changed, 25 insertions(+), 22 deletions(-)
diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
index 75d3940241..bf6ad53334 100755
--- a/app/Http/Controllers/SettingsController.php
+++ b/app/Http/Controllers/SettingsController.php
@@ -1150,30 +1150,33 @@ class SettingsController extends Controller
 public function postUploadBackup(Request $request)
 {
- if (!$request->hasFile('file')) {
- return redirect()->route('settings.backups.index')->with('error', 'No file uploaded');
- } else {
- $max_file_size = Helper::file_upload_max_size();
-
- $rules = [
- 'file' => 'required|mimes:zip|max:'.$max_file_size,
- ];
-
- $validator = \Validator::make($request->all(), $rules);
-
- if ($validator->passes()) {
-
-
-
- $upload_filename = 'uploaded-'.date('U').'-'.Str::slug(pathinfo($request->file('file')->getClientOriginalName(), PATHINFO_FILENAME)).'.zip';
-
- Storage::putFileAs('app/backups', $request->file('file'), $upload_filename);
-
- return redirect()->route('settings.backups.index')->with('success', 'File uploaded');
+ if (! config('app.lock_passwords')) {
+ if (!$request->hasFile('file')) {
+ return redirect()->route('settings.backups.index')->with('error', 'No file uploaded');
 } else {
- return redirect()->route('settings.backups.index')->withErrors($request->getErrors());
+ $max_file_size = Helper::file_upload_max_size();
+
+ $rules = [
+ 'file' => 'required|mimes:zip|max:'.$max_file_size,
+ ];
+
+ $validator = \Validator::make($request->all(), $rules);
+
+ if ($validator->passes()) {
+
+ $upload_filename = 'uploaded-'.date('U').'-'.Str::slug(pathinfo($request->file('file')->getClientOriginalName(), PATHINFO_FILENAME)).'.zip';
+
+ Storage::putFileAs('app/backups', $request->file('file'), $upload_filename);
+
+ return redirect()->route('settings.backups.index')->with('success', 'File uploaded');
+ } else {
+ return redirect()->route('settings.backups.index')->withErrors($request->getErrors());
+ }
 }
- }
+
+ } else {
+ return redirect()->route('settings.backups.index')->with('error', trans('general.feature_disabled'));
+ }
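Review bot: In the validation-failure branch the redirect is built from `$request->getErrors()`, while the errors produced by this code live on `$validator`; unless the `Request` class imported in this file defines `getErrors()`, a rejected upload would raise an error instead of showing the validation message, so `->withErrors($validator)` looks like the intended call. The demo check would also be easier to audit as a guard clause at the top of `postUploadBackup`, `if (config('app.lock_passwords')) { return redirect()->route('settings.backups.index')->with('error', trans('general.feature_disabled')); }`, which puts the deny path first and leaves the upload logic at its original indentation. A one-line comment such as `// lock_passwords doubles as the demo-mode switch: no backup uploads on the public demo` would explain why a password setting gates file upload. The method's closing brace lies outside the visible hunk, and the other backup handlers (restore, download, delete) are not shown here, so it is worth confirming they carry the same check.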