aheathershaw/blue-twilight
1
0
Fork 0
Code Issues 32 Pull Requests Releases 15 Wiki Activity

#2: Added an intermediate step to the quick-post/upload feature that validates the request

Browse Source
This commit is contained in:
Andy Heathershaw 2017-09-10 15:25:59 +01:00
parent 544d3c5153
commit fee2841910
5 changed files with 49 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
app/Http/Controllers/Admin/DefaultController.php
View File

@ -9,6 +9,7 @@ use App\Facade\UserConfig;
use App\Group; use App\Group;
use App\Helpers\ConfigHelper; use App\Helpers\ConfigHelper;
use App\Helpers\DbHelper; use App\Helpers\DbHelper;
use App\Helpers\MiscHelper;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use App\Http\Requests\SaveSettingsRequest; use App\Http\Requests\SaveSettingsRequest;
use App\Label; use App\Label;
@ -56,6 +57,36 @@ class DefaultController extends Controller
]); ]);
} }
public function quickUpload(Request $request)
{
$this->authorizeAccessToAdminPanel('admin:manage-albums');
$returnUrl = $request->headers->get('referer');
if (!MiscHelper::isSafeUrl($returnUrl))
{
$returnUrl = route('home');
}
// Pre-validate the upload before passing to the Photos controller
$files = $request->files->get('photo');
if (!is_array($files) || count($files) == 0)
{
$request->session()->flash('error', trans('admin.quick_upload.no_image_provided'));
return redirect($returnUrl);
}
$albumID = $request->get('album_id');
if (intval($albumID) == 0)
{
$request->session()->flash('error', trans('admin.quick_upload.no_album_selected'));
return redirect($returnUrl);
}
/** @var PhotoController $photoController */
$photoController = app(PhotoController::class);
return $photoController->store($request);
}
public function saveSettings(SaveSettingsRequest $request) public function saveSettings(SaveSettingsRequest $request)
{ {
$this->authorizeAccessToAdminPanel('admin:configure'); $this->authorizeAccessToAdminPanel('admin:configure');

11
app/Http/Middleware/GlobalConfiguration.php
View File

@ -51,6 +51,7 @@ class GlobalConfiguration
$this->addThemeInfoToView(); $this->addThemeInfoToView();
$this->addAlbumsToView(); $this->addAlbumsToView();
$this->addLabelsToView(); $this->addLabelsToView();
$this->addFlashMessages();
} }
// Set the default mail configuration as per user's requirements // Set the default mail configuration as per user's requirements
@ -68,6 +69,16 @@ class GlobalConfiguration
View::share('g_albums_upload', $albumsToUpload); View::share('g_albums_upload', $albumsToUpload);
} }
private function addFlashMessages()
{
/** @var Request $request */
$request = app('request');
if ($request->session()->has('error'))
{
View::share('error', $request->session()->get('error'));
}
}
private function addLabelsToView() private function addLabelsToView()
{ {
$NUMBER_TO_SHOW_IN_NAVBAR = 5; $NUMBER_TO_SHOW_IN_NAVBAR = 5;

4
resources/lang/en/admin.php
View File

@ -146,6 +146,10 @@ return [
'rotate_left' => 'Rotate left', 'rotate_left' => 'Rotate left',
'rotate_right' => 'Rotate right' 'rotate_right' => 'Rotate right'
], ],
'quick_upload' => [
'no_album_selected' => 'Please select an album to upload your photo(s) into.',
'no_image_provided' => 'Please select one or more images to upload.'
],
'redirects_heading' => 'Redirects', 'redirects_heading' => 'Redirects',
'redirects_actions_heading' => 'Actions', 'redirects_actions_heading' => 'Actions',
'redirects_source_url_heading' => 'Source Address', 'redirects_source_url_heading' => 'Source Address',

4
resources/views/themes/base/partials/quick_upload.blade.php
View File

@ -1,4 +1,4 @@
<form method="POST" action="{{ route('photos.store') }}" enctype="multipart/form-data"> <form method="POST" action="{{ route('admin.quickUpload') }}" enctype="multipart/form-data">
{{ csrf_field() }} {{ csrf_field() }}
<input type="hidden" name="queue_token" value="{{ Misc::randomString() }}"/> <input type="hidden" name="queue_token" value="{{ Misc::randomString() }}"/>
<div class="modal" id="quick-upload-modal"> <div class="modal" id="quick-upload-modal">
@ -30,7 +30,7 @@
</div> </div>
<div class="modal-footer"> <div class="modal-footer">
<button type="button" class="btn btn-link" data-dismiss="modal">@lang('forms.cancel_action')</button> <button type="button" class="btn btn-link" data-dismiss="modal">@lang('forms.cancel_action')</button>
<button type="submit" class="btn btn-success" onclick="this.disabled = true;"><i class="fa fa-upload"></i> @lang('forms.upload_action')</button> <button type="submit" class="btn btn-success"><i class="fa fa-upload"></i> @lang('forms.upload_action')</button>
</div> </div>
</div> </div>
</div> </div>

1
routes/web.php
View File

@ -16,6 +16,7 @@ Auth::routes();
// Administration // Administration
Route::group(['prefix' => 'admin'], function () { Route::group(['prefix' => 'admin'], function () {
Route::get('/', 'Admin\DefaultController@index')->name('admin'); Route::get('/', 'Admin\DefaultController@index')->name('admin');
Route::post('quick-upload', 'Admin\DefaultController@quickUpload')->name('admin.quickUpload');
Route::post('settings/save', 'Admin\DefaultController@saveSettings')->name('admin.saveSettings'); Route::post('settings/save', 'Admin\DefaultController@saveSettings')->name('admin.saveSettings');
Route::post('settings/test-email', 'Admin\DefaultController@testMailSettings')->name('admin.testMailSettings'); Route::post('settings/test-email', 'Admin\DefaultController@testMailSettings')->name('admin.testMailSettings');
Route::get('settings', 'Admin\DefaultController@settings')->name('admin.settings'); Route::get('settings', 'Admin\DefaultController@settings')->name('admin.settings');