Added tighter controls for matching log ID and item_id

Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe
2023-10-09 15:17:03 +01:00
parent d2dc3253ab
commit e5f5802235
6 changed files with 17 additions and 16 deletions
@@ -143,18 +143,20 @@ class UserFilesController extends Controller
$this->authorize('view', $user);
$log = Actionlog::find($fileId);
if ($log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $user->id)->first()) {
// Display the file inline
if (request('inline') == 'true') {
$headers = [
'Content-Disposition' => 'inline',
];
return Storage::download('private_uploads/users/'.$log->filename, $log->filename, $headers);
// Display the file inline
if (request('inline') == 'true') {
$headers = [
'Content-Disposition' => 'inline',
];
return Storage::download('private_uploads/users/'.$log->filename, $log->filename, $headers);
}
return Storage::download('private_uploads/users/'.$log->filename);
}
return Storage::download('private_uploads/users/'.$log->filename);
return redirect()->route('users.index')->with('error', trans('admin/users/message.log_record_not_found'));
}
// Redirect to the user management page if the user doesn't exist