ouyang/snipe-it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added tighter controls for matching log ID and item_id

Browse Source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe
2023-10-09 15:17:03 +01:00
parent d2dc3253ab
commit e5f5802235
6 changed files with 17 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Controllers/Accessories/AccessoriesFilesController.php
+2 -3
View File
@@ -146,9 +146,8 @@ class AccessoriesFilesController extends Controller
$this->authorize('view', $accessory);
$this->authorize('accessories.files', $accessory);
if (! $log = Actionlog::find($fileId)) {
return response('No matching record for that asset/file', 500)
->header('Content-Type', 'text/plain');
if (! $log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $accessory->id)->first()) {
return redirect()->route('accessories.index')->with('error', trans('admin/users/message.log_record_not_found'));
}
$file = 'private_uploads/accessories/'.$log->filename;